Security at Robocorp

In today's rapidly changing world, we believe security must be at the heart of everything. We take security seriously, and we are steadfast in our commitment to protecting your data.

Guiding principles

Privacy

Data handled in our tools remains confidential. We adhere to data privacy best practices, including GDPR rules.

Modern standards

With our state-of-the-art encryption, access control systems, and compliance, you can rest assured that the Robocorp platform is secure.

Configurability

Robocorp gives you options for where the robots run, and the robots can operate with just metadata.

Compliance

Our products are compliant with various data privacy regulations, enabling our customers to build compliant automations.

Transparency

We’re against security through obscurity, and we are confident in discussing our product security design.

Robocorp's security by design approach allows Thoughtful Automation to focus on our primary goal of delivering business value through Digital Workers. Robocorp helps us mitigate attack vectors out of the box with options to adapt to any InfoSec model.

We have chosen to build on the Robocorp platform because it is extremely robust and reliable; their excellent security practices allow us to focus on building trusted automations that our clients love.

Robocorp takes security seriously and it is an evident part of their culture as a technology organization. With their platform we deploy automations with confidence and no concerns have gone unaddressed.

All our projects have security at the forefront. Robocorp and its engineering team align with this fact, allowing us to deliver secure automations in even the most stringent of circumstances.

Securing your automations

Robocorp ensures you can build your automations in a secure manner, taking into account any data privacy requirements.

Robust access control

To prevent unauthorized access to settings, data and automations, Robocorp offers Role Based Access Management. In addition, isolated workspaces separate access to automations and data.

Accountability for bot actions

To ensure accountability, Robocorp offers a secure Vault to store access credentials. And to help with monitoring, each automated process has a unique identity.

Secure RPA development

Robocorp offers the best CI/CD practices available for robot code change management. We use industry-leading encryption to protect data processed by and stored in your automations.

Detailed audit logs

Detailed audit trails are provided to stay on top of actions performed in a workspace, as well as for each individual robot, helping with maintenance and incident management.

Secure development and deployment

Robocorp uses best practices for user logins, encryption, and API access. And because we don’t believe in security through obscurity, we’re happy to share our encryption models.

Privacy & Compliance

Privacy compliance and data processing addendum (DPA)

We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations. The best way to ensure data privacy is the principle of least privilege: you have full control of the data within your automations. If you are processing sensitive data, we recommend you build your automations so that data does not leave your control.

You can learn more about Robocorp’s commitment to compliance with the General Data Protection Regulation (GDPR) in our GDPR documentation. Robocorp terms of use automatically include data processing protections that satisfy the requirements that the GDPR imposes on data controllers with respect to data processors. If you are processing GDPR-related data, your Robocorp Cloud admin needs to verify that in the Robocorp Cloud admin panel.

SOC 2 & HIPAA Compliance

Robocorp is SOC 2 Type II and HIPAA compliant. These certifications ensure that we are following best practices for security and data handling that were set in place by AICPA, the Office for Civil Rights (OCR), and the Department of Health and Human Services (HHS).

We take our dedication to privacy and data handling seriously. That's why we work hard to ensure compliance with SOC 2 Type II standards, HIPAA regulations, and other data handling best practices. We hope these certifications will bring peace of mind for our partners and customers alike that we are committed to providing the safest run environments and data handling practices. You can read more about SOC 2 Type II and Robocorp's commitment to security in our post about SOC 2 Compliance.

Frequently asked questions

Ensuring that only authorized users or robots have access to your sensitive data and automations:

How do robots gain access to the target systems?

Typically robots operate under a service account. It is strongly recommended to store required credentials using a dedicated secrets management system. Robocorp Vault is included in all subscription tiers.

Alternatively, attended robots (assistants) may utilize human-in-the-loop for authentication, e.g. by having the end-user log into the target system as part of the workflow. From a security perspective this is great, as the robot never even needs to access the credentials.

How are vault secrets stored in Robocorp Cloud?

Robocorp Vault encrypts the access credentials securely on multiple levels. Each secret is encrypted with a data key that is unique for the specific secret. The data key is further encrypted with a master key, and the encrypted secret and encrypted data key are stored in a database.

The master key is managed and protected, and it is never accessible in plaintext format by the Vault application. Secret payloads are encrypted to ensure the requested secret can be opened only by the intended recipient.
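
The key hierarchy described above, as an added Python sketch that is not Robocorp's code: each secret gets its own data key, the data key is wrapped under a master key that the calling code never sees, and only the two ciphertexts are stored. AES-256-GCM from the `cryptography` package, the `KeyService` class and the binding of each ciphertext to the secret's name are assumptions made for this illustration; it covers storage only, not delivery of a secret to its recipient.

```python
import os
from dataclasses import dataclass
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit random nonce, stored in front of each ciphertext


def _seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)


def _open(key: bytes, blob: bytes, aad: bytes) -> bytes:
    return AESGCM(key).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], aad)


class KeyService:
    """Hypothetical stand-in for whatever guards the master key: callers can
    wrap and unwrap data keys but are never handed the master key itself."""

    def __init__(self) -> None:
        self._master = AESGCM.generate_key(bit_length=256)

    def wrap(self, data_key: bytes, aad: bytes) -> bytes:
        return _seal(self._master, data_key, aad)

    def unwrap(self, wrapped: bytes, aad: bytes) -> bytes:
        return _open(self._master, wrapped, aad)


@dataclass(frozen=True)
class StoredSecret:
    """The database row: two ciphertexts, no plaintext key material."""
    name: str
    wrapped_key: bytes  # data key encrypted under the master key
    ciphertext: bytes   # secret encrypted under its own data key


def store_secret(keys: KeyService, name: str, value: bytes) -> StoredSecret:
    data_key = AESGCM.generate_key(bit_length=256)  # fresh key for this secret only
    aad = name.encode()  # assumption: bind both ciphertexts to the secret's name
    return StoredSecret(name, keys.wrap(data_key, aad), _seal(data_key, value, aad))


def read_secret(keys: KeyService, row: StoredSecret) -> Optional[bytes]:
    """Return the plaintext, or None if the row fails authentication."""
    aad = row.name.encode()
    try:
        return _open(keys.unwrap(row.wrapped_key, aad), row.ciphertext, aad)
    except InvalidTag:
        return None
```

Because every row carries its own wrapped data key, a row copied under another secret's name or paired with another row's ciphertext fails authentication instead of decrypting.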

How can the access credentials be controlled and managed by the user?

Credentials required by the robots are stored securely in a Vault. Only the users or robots in a given workspace can view the secrets stored in the Vault of that workspace.

Can I use my own Vault?

Yes. Robots can be easily integrated with most secret management systems via their APIs. We also routinely see hybrid approaches where the actual secrets are stored in another vault solution and Robocorp Vault is used for storing access credentials needed by robots to access the external vault.

Can I see and track what my automations have done?

Yes, Robocorp provides detailed logs on an individual process run level.

Can I segregate user access between different automated processes?

Yes. Workspaces in Robocorp are confined environments for both users and robots. A user with access to a given workspace has access to all the automations in that workspace. Workspaces are a convenient way to separate e.g. functional or team access to accounting automations or HR automations. Similarly, you can use workspaces to separate production and development environments.

How can I control the read & write access of the users?

Users can be given different access rights within each workspace.

How do I control the user access to Assistants?

Robocorp Cloud is a convenient way to distribute Assistants to users across your organizations. By adding an Assistant to your workspace, you can control the users who are able to download and use the Assistant from their desktop. It is convenient to maintain the code and manage access and use of the Assistants from your Robocorp account.