Anaplan’s Data and Security Policy

Confidential Information

This Policy describes Anaplan’s policies and procedures related to the principles and architecture of, the security- and privacy-related audits and certifications received for, and the administrative, technical and physical controls applicable to the Anaplan Service. Capitalized terms in this Policy shall have the meaning assigned to them in the applicable SaaS Subscription Agreement (or other agreement between the parties in which this Policy is referenced) unless otherwise defined herein.

  1. Principles. Anaplan emphasizes the following principles in the design and implementation of its security program and practices.
    • 1.1 Confidentiality – Prevention of disclosure of information to unauthorized individuals or systems.
    • 1.2 Integrity – Maintaining the accuracy and consistency of data over its life cycle.
    • 1.3 Availability – Maximizing availability of information.
  2. Security Program. Anaplan strives to maintain an effective security program, aligned with ISO 27001 standards and NIST 800-53 standards consisting of many of the industry’s best practices, which includes the following:
    • 2.1 Utilizing a formal risk management and treatment program that includes vendor risk;
    • 2.2 Conducting periodic risk assessments of all systems and networks that process Client Data, on at least an annual basis;
    • 2.3 Conducting periodic reviews of any prior security incidents and subsequent remediation; and
    • 2.4 Having a written security policy that explicitly addresses and provides guidance to its personnel in furtherance of the confidentiality, integrity and availability of Client Data and Anaplan’s systems. The policies are endorsed by Anaplan’s senior management and state ramifications for noncompliance.
    • 2.5 Having Anaplan resources (i.e. identified individual(s)) to foster and focus on information security efforts, led by Anaplan’s Chief Information Security Officer.
  3. Architecture.
    • 3.1 Private and Public Cloud. Anaplan either wholly owns, or it manages, maintains and controls access to the systems used to provide the Anaplan Service as hosted out of data center facilities in the United States and in Europe (the “Anaplan Private Cloud”). Anaplan also engages with third-party providers of cloud infrastructure as identified in our List of Subprocessors to operate the Anaplan Service to store Client model data through their infrastructure under Anaplan’s direction (the “Anaplan Public Cloud”), with the application and platform metadata stored and operated out of the Anaplan Private Cloud data center facilities. All data centers are backed up for disaster recovery purposes to a corresponding data center in the same region. That is, United States data centers are backed up to United States disaster recovery data centers while European data centers are backed up in Europe. Each facility is fully protected 24x7x365 by a variety of security measures such as, by way of example, fences, walls, moats, mantraps, security guards and video cameras. All activity is logged, recorded and stored for no less than 30 days. Entry to each facility requires prior authorization and verification of government-issued identification and biometric confirmation. Each facility has an annual audit by industry leading firms for ISO 27001 and Service Organization Control compliance. Please review the platform subprocessor information for both Anaplan Private Cloud and Anaplan Public Cloud locations and backup regions.
    • 3.2 Redundant Infrastructure. Anaplan infrastructure utilizes a redundant “active/passive” design to enable full operational failover.
    • 3.3 Environmental Controls. Each facility includes controls regarding utilities such as power, air quality, temperature, humidity, lighting, fire suppression, and other environmental factors.
    • 3.4 Security Infrastructure. Each facility is protected by a “defense-in-depth” security architecture consisting of firewalls, anti-virus/anti-malware protection, robust logging and monitoring capabilities, and DDoS protection monitoring and mitigation.
    • 3.5 Network Infrastructure. The internal network infrastructure is securely segmented using firewalls, Virtual Networks (VLANs) and Access Control Lists (ACLs), which limit the access and communication between systems and environments. Systems and individuals are not permitted to reach other systems without proper authorization.
    • 3.6 Server Infrastructure. Every server is hardened and imaged to contain only the necessary services to operate. All hosts are subject to a regular patching and maintenance routine and are continuously monitored for vulnerabilities and security threats using industry-leading technology. All servers are controlled and managed by an automation system to ensure consistent configuration across the environment.
    • 3.7 Containers, Virtualization. Containers and virtualized environments are hardened and imaged to contain only the necessary services to operate. All virtual infrastructure is subject to a regular patching and maintenance routine and continuously monitored for vulnerabilities and security threats using industry-leading technology. Anaplan controls and manages virtualized environments to ensure consistent configuration across the environments.
  4. Data Protection.
    • 4.1 Data Storage. All data is held on redundant encrypted SAN using industry standard encryption technology. Data is also securely streamed in near real-time to backup and disaster recovery storage. Backed-up data is stored using industry standard encryption technology. In the event that data needs to be restored, the SAN backups would be used first. Anaplan will keep all Client Data physically and logically secured and logically segregated from other client data.
    • 4.2 Data Management. Anaplan allows clients to manage data themselves. Clients may download data from the Service at any time during the subscription period. Anaplan’s model history records changes made to data, by whom, and when.
    • 4.3 Data Encryption. Anaplan uses industry-standard encryption products to protect Client Data and communications during transmissions between a client’s network and Anaplan, including management of public keys. All data in transit between client and server is encrypted using HTTPS/TLS. Data at rest is stored in a unique binary format and subject to AES 256-bit full disk encryption.
  5. Audits and Certifications
    • 5.1 Service Organization Control (SOC) Reports. The information security control environment applicable to Anaplan’s operations undergoes an evaluation in the form of Service Organization Control (SOC) reports. Data center facilities also undergo ISO 27001 audits.
    • 5.2 Security Documentation. Upon Client’s written request and up to once per year, Anaplan will (a) make available its then-current SOC 1, Type 2 and SOC 2, Type 2 audit reports (or comparable industry-standard successor reports); and (b) provide an executive summary of its most recently conducted penetration test.
    • 5.3 TRUSTe Enterprise Privacy Seal: Anaplan has been awarded and strives to maintain the TRUSTe Enterprise Privacy Seal signifying that Anaplan’s Web Site Privacy Statement and associated practices related to Anaplan have been reviewed by TRUSTe for compliance with TRUSTe’s program requirements, including transparency, accountability, and choice regarding the collection and use of personal data.
  6. Security Controls
    • 6.1 End User Access Controls. Anaplan supports a variety of configurable security controls including: unique user identifiers (user IDs) to ensure that activities can be attributed to the responsible individual; controls to revoke access after several consecutive failed login attempts; controls to ensure generated initial passwords must be reset on first use; controls to force a user password to be changed periodically or to expire after a period of use; controls to terminate a user session after a period of inactivity; password complexity requirements; and denial of access to new users by default subject to the client’s granting or enabling of end user access. Further, Anaplan supports SAML 2.0 SSO (Single Sign-On), which clients can use to centrally manage user access.
    • 6.2 Access Control. Anaplan ensures that only authorized personnel have access to systems supporting the Anaplan Service. Anaplan and its subservice organizations have implemented the following controls for access to systems: logical access to systems can only be made using multi-factor authentication via secure VPN; access to Anaplan-managed servers is further protected by the mandatory use of SSH public key infrastructure (PKI) technology; personnel cannot see any end-user data without being granted permission by the end user-owner through the native access control system; access is based on the information security principles of ‘least privilege’ and ‘need to know’ with access strictly limited to a select number of skilled individuals; all access is monitored and logged; personnel accessing systems holding Client Data are trained on documented information security and privacy procedures; all personnel are subject to background checks prior to employment; all personnel are required to sign client data confidentiality agreements; and, access is immediately revoked on termination of employment.
    • 6.3 Third party service providers. Anaplan personnel take commercially reasonable steps to select and retain only third-party service providers that will maintain and implement the security measures consistent with the measures stated in this Policy and in accordance with all applicable state, federal or international laws and/or regulations.
  7. Vulnerability and Malware Management
    • 7.1 Malware and Viruses. Anaplan systems will not knowingly or intentionally introduce any virus or malware to a client’s systems. Scans are performed on systems holding Client Data for viruses and malware that could be included in attachments or other Client Data uploaded to the Anaplan Service. Anaplan endpoints have agent-based EDR (Endpoint Detection and Response), while NTDR (Network Threat Detection and Response) helps protect the networks.
    • 7.2 Web Application Vulnerability Management. The Anaplan Service is subjected to a regular Web Application Scanning (WAS) process carried out using market-leading security and compliance providers.
    • 7.3 Third Party Penetration Testing. The Anaplan Service undergoes penetration testing by a third-party firm at least once per year.
  8. Security Procedures, Policies and Logging. All Anaplan-managed systems used in the provision of the Anaplan Service, including firewalls, routers, network switches, operating systems, and virtualized environments log information to their respective system log facility and to a centralized syslog server. All data access by Client and personnel is monitored and logged. All data changes by Client and staff are monitored and logged. Logging will be kept for a minimum of 365 days. Logging is kept in a secure area to prevent tampering.
  9. Disaster Recovery. Disaster recovery plans are in place and tested at least once per year. Anaplan utilizes disaster recovery facilities that are geographically remote from their primary data centers, along with the required hardware, software, and Internet connectivity. In the event production capabilities at the primary data centers were rendered unavailable, the disaster recovery hosting facilities would be enabled and brought online. As Client Data is already streamed to and stored within these same facilities, recovery time would be minimized.
  10. System Maintenance. Maintenance is carried out during Scheduled Maintenance hours as provided in the Anaplan Availability and Support SLA. Scheduled Maintenance is most commonly used for new version releases but may be performed for other updates.
  11. Change Management. Anaplan fully documents change management procedures for all tiers of the service covering application, operating system, server and network layers. All configuration changes are tracked and managed through a written ticketing system and require approval from Anaplan’s Change Review Board.
  12. Incident Management. Anaplan maintains incident management policies and procedures describing the roles and responsibilities of the Support, TechOps, Security and Engineering teams and other functional groups. Escalations between the teams are determined based on the nature of the issue (infrastructure, security, application or client model), duration of the issue, and/or scope of the issue. A root cause analysis is performed after an issue is resolved.

Anaplan reserves the right to update its Data and Security Policy from time to time, provided that no such update will materially and adversely diminish the overall security of the Anaplan Service during the Subscription Term.
