Sutherland Robility offers customers a comprehensive suite of security features to ensure data security.
These features are designed to provide robust protection and can be automatically enabled or
configured based on specific requirements. However, it is important to note that the effective utilization
of these security controls relies on the organization's personnel who utilize the service.

Authorization of users and access control is managed by the customer's administrators. They are
responsible for implementing controls to ensure that only authorized personnel have access to the
system. The authorized data owner can define access restrictions, allowing access only to individuals
with a legitimate business need. Fine-grained permissions are granted to corporate users through
role-based access controls (RBAC) implemented from the Control Room. This allows for granular control
over various aspects of the product, including credentials, bots, Robility Runner, Robility Designer,
and SmartManager. RBAC models also enable the implementation of dual-controls and separation of
duties within operations.

To ensure transparency and accountability, Robility provides comprehensive audit capabilities. All user
actions within the platform are audited, providing a record of access and actions taken by operations
personnel. This audit functionality is designed to align with industry best practices and helps organizations
demonstrate compliance.

As bots are developed by customer business experts, Sutherland Robility follows secure software
development life cycle (SDLC) processes. These processes include industry-standard practices for
secure development, testing, and production environments. Sutherland Robility supports the separation
of these environments through separate deployments and RBAC controls, ensuring the integrity and
security of the automation workflows.

By offering robust security features, comprehensive audit capabilities, and adherence to secure SDLC
practices, Sutherland Robility provides customers with a secure environment to leverage the benefits
of the automation platform.

Encryption

To ensure the security and protection of customer data, Sutherland Robility leverages industry-standard
encryption technologies throughout its service. Here are the key encryption measures implemented:

Encryption of Data in Transit: All communication between the customer's network and the Robility
service is encrypted using HTTPS (Hypertext Transfer Protocol Secure) along with SSL
(Secure Sockets Layer) or TLS (Transport Layer Security) 1.2. This encryption protocol ensures
that data transmitted over the network is securely encrypted, preventing unauthorized access or interception.

Encryption of Data at Rest: Any data stored at rest is encrypted using AES-256
(Advanced Encryption Standard with a 256-bit key). AES-256 is widely recognized as a strong encryption
algorithm that provides a high level of security for stored data. This encryption ensures that even if the
physical storage media were to be compromised, the encrypted data would remain unreadable without
the decryption key.

By utilizing HTTPS with SSL/TLS for data transmission and AES-256 encryption for data at rest, Sutherland
Robility ensures that customer data is protected both during transit and while stored within the service.
These encryption measures align with industry standards and best practices, providing a secure environment
for the handling and storage of sensitive information.