We understand that using a tool with above standard safeguards in place is an important part of your workflow, as we have security-sensitive customers using TestRail, including many leading technology companies, defense contractors, aerospace companies, banks, and government agencies for both our server and cloud editions, that are actively using our Cloud infrastructure.
For TestRail Cloud, we are using a locked-down Amazon AWS infrastructure, and Amazon has many security certificates and also participates in many assurance programs to support necessary certifications. You can see a list of security programs and certificates on the Amazon website, including important third-party certifications such as SOC2/3, PCI, ISO certifications and more here.
Here are some additional security information below regarding TestRail Cloud:
- We use Kubernetes in the TestRail Cloud environment and we apply all Kubernetes security patches as soon as they're available
- We allow the option to specify your own password policy including regex use
- We allow the option to restrict access via IP so only accepted networks specified by your team can access the instance. 403 HTTP codes will be the response for anyone outside the specified range
- API and application traffic go through HTTPS protocol
- Root-level/server access is restricted only to engineers who require it
- We are GDPR compliant
- TestRail's sub-processors can be found here
- Our code of conduct for our sub-processors can be found here
In cases where TestRail Cloud doesn't suffice per your company's requirements, TestRail Server is an option. TestRail Server is installed entirely on your system/server, and would, therefore, be behind any network firewalls and/or other security measures your team already has in place including your company's own security policies for your employees.
Requests for Security Forms or Questionnaires
Security forms and/or questionnaires generally cannot be completed, as we maintain a security section on our website to better inform our customers of our security protocols. The reason for this is to keep our purchase process as simple and easy as possible to allow customers to sign up to TestRail without additional forms or contracts. If there are specific questions you would like our support team to answer directly we'd be happy to help, or if you wish to access our SOC2 report and other security documents, please submit a request here.