To support the growing adoption of SaaS solutions, Arena offers solutions on three platforms.
Arena North America is described on this page. The architecture differences in the physical and infrastructure layers for AWS GovCloud (US) and Arena Europe are noted.
Arena’s security model is robust, protecting our customers’ valuable product and quality information. This data is crucial to each customer’s business, so protecting it is our core priority. By prioritizing security in our platform architecture, we provide customers with one of the most secure places for data at scale, in or out of the cloud.
Arena’s product lifecycle management (PLM) and quality management system (QMS) solutions use a multilayered approach to protect your intellectual property (IP). Each security layer provides a specific level of protection for your data.
The first layer of defense is a well-defined, comprehensive set of security processes and policies to ensure the security of our customers’ data and user accounts. Our solution is SOC 2 Type 2 compliant.
We use a formal change control policy to evaluate system and standard operating procedure (SOP) changes. All Arena employees and contractors train annually, using Arena Training, to ensure awareness of and compliance with security policies.
All Arena North America production equipment is owned and operated by Arena, a PTC Business, and is co-located at a secure, world-class facility. Only a restricted set of Arena operations employees have operational access.
AWS GovCloud (US) addresses many security and compliance requirements. The Physical Layer is managed by AWS. Use this link for the latest information.
Arena Europe offers EMEA customers cloud-based software systems hosted in Europe. The Physical Layer is managed by AWS. AWS EU Data Protection measures are described at this link.
The Arena North America perimeter defense layer includes multiple firewalls, operating system-level security measures, and network protocols. No root access is allowed and unnecessary ports are closed. All security patch activities are subject to SOC 2 auditing.
AWS GovCloud (US) addresses many security and compliance requirements. The Infrastructure Layer is managed by AWS. Use this link for the latest information.
Arena Europe offers EMEA customers cloud-based software systems hosted in Europe. The Infrastructure Layer is managed by AWS. AWS EU Data Protection measures are described at this link.
Arena uses many security measures to enable the secure flow of product and quality information from input through delivery to the end user or an integrated system. Measures include data encryption, controlled application access, a secure API for integrations, redundant and backed-up storage, and isolated multi-tenancy.
User security is enforced by allowing only authorized users to view and modify a strictly defined set of objects and data, enabling users to have access to the information they need. When a user changes product information, the changes are logged in the database. In addition to system-wide measures for passwords and sessions, customer administrators can enforce two-factor authentication and define their users’ access to defined data sets.
For more information on each layer of the solution, read our Security Tech Note.
Your PLM and QMS teams are users of your systems and therefore part of your corporate security success. To help with your security, users can stay current on security topics.
If the administrator does not require it systemwide, Arena users can choose to enable two-factor authentication at an individual account level. This sends a unique code to the user’s email address or mobile number when the user logs in from an unknown computer.
Users create and secure their passwords. Passwords expire at an interval controlled by your Account Administrator (recommended no more than 90 days). When your password expires, you will be prompted to change your password upon login. Depending on how your workspace is configured, you may be able to keep the same password. Arena passwords must be 8-18 characters long and must include at least one lowercase letter, one uppercase letter, and one number.
Brief, formal phishing education may be beneficial for Arena users. Phishing is the fraudulent attempt to obtain information such as usernames, passwords, and data, or to disrupt an entire computer system or network. Attackers phish for malicious reasons by disguising themselves as a trustworthy entity in an email.
Some simple recommendations you can make to your Arena users:
If you or any of your users have questions about security or are unsure whether an email from Arena, a PTC Business, is legitimate, please forward the email to [email protected].