At Productboard we fully understand the need for diligence as product strategy is certainly sensitive commercial information that deserves the right level of protection!
When it comes to cybersecurity, we implement best practices of security-in-depth and security-in-breadth by implementing a multi-layered approach of security measures and controls following NIST and OWASP. We conduct penetration testing and vulnerability scanning programs, and we have 3rd party penetration tests on an annual basis for the application and networking layers. We also do weekly DAST scans for application vulnerabilities and quarterly for the network. The tests are very thorough and use a combination of industry standard tools such as Burp Suite and Nessus, as well as manual fuzz tests, which go well beyond what an automated tool can do.
When it comes to security compliance management, we are building our ISMS on top of ISO 27002:2022 controls and SOC 2 Focus Points by mapping both standards using AICPA's guide.
The foregoing notwithstanding, we continuously invest heavily in our product security, including secure log-on mechanisms, an RBAC user model, SSO, internal data and process segmentation, etc., as well as state-of-the-art situational awareness monitoring, anomaly detection and, of course, 24x7x365 response by our security operations team. In support of this goal we allocate an adequate budget to ensure security-by-design is in place to protect our customers' data as a top priority.
David Dolezal
Director of Security
-- pentest 2025 results
-- ISO27001 and SOC2 certification renewal
Productboard offers permission settings at the product entity level for granular permissions management and better access control for admins.
https://support.productboard.com/hc/en-us/articles/1500012789762-New-product-access-management
All customers and partners wishing to integrate with Productboard's platform APIs will now be able to use OAuth2.
More details in the article here: https://support.productboard.com/hc/en-us/articles/9994662156691-How-to-integrate-with-Productboard-via-OAuth2-developer-documentation?source=search
We’ve taken your feedback into consideration and are releasing this improvement right after our December Roadmap sharing release!
What’s new?
Makers can protect their publicly shared roadmaps with a password to ensure that only authorized people can access the roadmap.
What is new?
We have added two new configuration options to provide more control over pushing Slack messages into Productboard:
- We extended the options for who can push Slack messages into PB.
- We added an option to disable the public notifications in the channel after a Slack message was pushed into PB.
We’ve just released new capabilities to export workspace audit logs for the past 90 days, now available on the Enterprise plan. They’re designed to give admins in larger organizations more visibility into what’s happening in the workspace and diagnose any issues that arise. For starters, you’ll know exactly who accidentally deleted that important feature! It will be a valuable supplement to the existing activity log that’s displayed in each entity’s detail
As your product organization grows, permissions allow you to determine which information users can view and edit within Productboard. Setting up appropriate permissions allows your product teams to collaborate while maintaining control over their most important or sensitive data.
Currently, Productboard offers permission settings at the product level. More details at https://support.productboard.com/hc/en-us/articles/1500012789762-How-to-manage-permissions-in-Productboard
How is customer data imported from SFDC protected? How does data flow to Productboard?
Many of these questions are answered in the article here:
https://support.productboard.com/hc/en-us/articles/1500000297022-Salesforce-Security-FAQ
Productboard is designed to help you understand your customers and build for their needs. To help you achieve this, we are introducing new ways of connecting Productboard to sources of customer data.
We have now launched user external ID support for Intercom, Zendesk, and our public API. This means that users (individuals associated with notes) will be identifiable without an email address.
More in the article https://support.productboard.com/hc/en-us/articles/7184018643859
Productboard is the leading customer-centric product management platform that empowers teams to get the right products to market, faster. From a security perspective, it has a few main components:
- Insights (ingesting customer feedback into Productboard via one-way inbound integrations)
- Features/Prioritisation (two-way sync integrations that update status of planned product deliverables)
- Segmentation (Matching customers with existing CRM)
- Public API (Connect your own processes to our app)
Typical data access: Product Strategical Roadmaps, Product Feedback, Product Customers (PII and Highly Confidential Company Data)
Certifications: SOC 2 Type II, CSA, ISO 27001:2013
SatisMeter is a powerful feedback platform for modern product teams that goes above and beyond traditional feedback widgets and survey tools in its category. Through pre-existing and customizable templates, SatisMeter helps keep an eye on customer satisfaction, stay updated on product engagement, and monitor product-market fit through contextual surveys in-app and across other channels.
Typical data access: Customer Feedback (Confidential & PII Data)
Certifications: SOC 2 Type II, ISO 27001:2022