TIBCO's Security Priority
At TIBCO, security is our highest priority. TIBCO maintains a company-wide information security management system and control program that include security policies, standards, and procedures based on ISO/IEC 27001:2013.
TIBCO incorporates the STRIDE model to help analyze and find threats to ensure system and service integrity and reliability in processes, data stores, data flows, and trust boundaries. Our approaches ensure that applications and systems fulfill the CIA triad (confidentiality, integrity, and availability).
Threat | TIBCO Assurance |
---|---|
Spoofing identity | Authenticity - authentication |
Tampering with data | Integrity and auditing |
Repudiation threats | Non-repudiability |
Information disclosure | Confidentiality |
Denial of service | Availability |
Elevation of privilege | Authorization |
TIBCO adheres to privacy and security requirements related to the protection and processing of individual personal data (collectively, the "Protected Data"). For more information, see Customer Privacy and Security Statement.
TIBCO has adopted policies and practices in alignment with industry best practices, including quickly addressing and disclosing vulnerabilities. TIBCO has an incident response policy and plan. The policy ensures that security incidents are identified, contained, investigated, and remedied. For more information or to report a potential security issue, see Security@TIBCO.
TIBCO has policies that guide our software development lifecycle (SDLC). They include peer reviews, static code analysis, and both manual and automated QA processes. In addition, we routinely run performance testing on any new or updated software to ensure the highest quality. There is a clear division between devops and development. All changes are logged in our source code repository. We use standard deployment tools. Our iterative methodology ensures a functional view of the processes, milestones, activities, and artifacts, or records.
TIBCO's Business Continuity Plan (BCP)
TIBCO has a Business Continuity Plan (BCP) to ensure the effects of an emergency event are minimized. If a disaster or emergency situation occurs, the Support Emergency Team (SEMT) coordinates the recovery effort and uses the Employee Communication Chains to notify staff that the BCP is activated.
TIBCO has an Information Security Management System (ISMS) to preserve the confidentiality, integrity, and availability of information. Information security is considered in the design of processes, information systems, and controls.
TIBCO’s Quality Management System (QMS) is based on ISO 9001, which is an internationally recognized standard that sets out the criteria for a quality management system incorporating the Plan-Do-Check-Act (PDCA) cycle. TIBCO's QMS is a formalized system of business processes, procedures, and responsibilities focused on:
- Customer Excellence - Meeting customer requirements and enhancing customer satisfaction by providing high-quality products and services.
- Quality - Meeting TIBCO requirements for quality policies and objectives with measurable goals.
TIBCO's Quality Management System is documented and structured in levels.