At Lansweeper, we help over 20,000 organizations worldwide gain full visibility over their technology environments. With that responsibility comes a deep commitment to protecting your data. Security is not just a requirement for us, it’s a core part of how we build, operate, and continuously improve our platform.
When you trust us with your data, you trust us with a critical part of your business. That’s why we invest continuously in strong security controls, industry best practices, and transparent processes so you can operate with confidence.
Lansweeper’s information security program is owned and led by our Information Security Officer, with active support from teams across Operations, Engineering, and IT.
All of our security processes are structured within the which allows us to consistently implement, monitor, and improve our security controls. This framework is aligned with recognized industry standards such as NIST CSF and ISO 2700x, and is driven by a risk-based approach.
To access our detailed security documentation, including policies and certifications, simply complete the form below.
To ensure security remains fully aligned with business objectives and operational realities, we rely on a multi-level governance structure:
We continuously assess our posture and identify opportunities to stay ahead of evolving threats.
We take a proactive and layered approach to protecting our software. Our application security program combines automated tools, manual testing, and secure development practices to reduce both the frequency and impact of vulnerabilities.
Key components of our approach include:
Security is embedded throughout the full software lifecycle, from design to deployment. All identified vulnerabilities are tracked centrally in our internal ticketing systems, giving us a true single pane of glass for remediation. We follow a structured vulnerability response process with strict internal SLAs, based on industry scoring models such as CVSS and EPSS.
Lansweeper’s cloud platform is hosted on AWS and built on the shared responsibility model. While AWS secures the underlying infrastructure, Lansweeper implements additional controls to protect customer environments:
All third-party cloud service providers supporting our platform are reviewed through available audit and certification reports to confirm their security posture. More information about our sub-processors can be found here, and more details on regions and data residency can be found here.
Lansweeper treats all customer data processed within our cloud platform with the highest degree of confidentiality. Customer data is accessed only on a case-by-case basis, and only by a limited number of authorized personnel for legitimate operational needs such as support.
All access to our platform follows a strict least-privilege and need-to-know principle. Permissions are carefully assigned based on defined job roles and are regularly reviewed to ensure they remain appropriate. Formal access management processes govern how access is granted, modified, and revoked, ensuring strong oversight throughout the entire user lifecycle. Every access request requires prior management approval before any connection to data, systems, or infrastructure is permitted.
Our Zero Trust security architecture further strengthens access control across all corporate applications. Every user must authenticate through a centralized single sign-on platform with multi-factor authentication enforced by default. Depending on the system, authentication is secured using hardware-based FIDO2 keys or approved mobile authentication applications. Less secure methods such as SMS-based verification are not permitted, significantly reducing exposure to phishing and man-in-the-middle attacks.
Together, these layered controls ensure that only the right people have the right level of access, at the right time, protecting your data at every stage.
We operate a dedicated Security Operations capability, supported by a SIEM platform and a 24/7 external Security Operations Center (SOC).
All security alerts are actively monitored and investigated. In the event of a high or critical security incident involving customer data, affected customers will be notified without undue delay via in-app notifications and/or email, in line with GDPR requirements.
Notifications include:
Once full forensic analysis is completed, supporting evidence will be provided. While we strive for rapid investigation, often completing analysis within 72 hours, the timeline may vary based on the complexity of the incident to ensure accuracy and thoroughness.
Lansweeper is committed to maintaining service availability and operational resilience, even in the event of unexpected disruptions. We maintain formal Business Continuity and Disaster Recovery plans to ensure critical services remain available.
These plans are reviewed annually and validated through regular testing exercises, allowing us to continuously improve our preparedness based on real-world scenarios.
Our cloud architecture is designed for resilience, using a scalable multi-region architecture to minimize risk and maximize availability. As part of this commitment, Lansweeper provides an uptime SLA of 99.5%.