Security is at the forefront of our architecture
The Anaplan platform is a unique blend of proprietary technology that securely collects and stores data, yet is agile enough to interface with external systems.
Anaplan knows your data is one of your most valuable assets. Our top priority is delivering a comprehensive,
high-performance solution with robust security measures that keep your data safe and your business protected.

Layers of security

Compliance rules are natively built into Anaplan, making it easy to maintain active user compliance. Compliance management in Anaplan is an integrated process with selective access, hash algorithms, and data block storage where users are able to complete their work in an environment that enforces compliance without it getting in their way.

Complete tracking

The security and audit tracking integrated within Anaplan allows model administrators to audit who has viewed and edited models, all the way down to specific cells within modules. This granular security empowers administrators to see how data is manipulated and accessed. In addition, models can be returned to a previous version in seconds.

Performance delivered

Anaplan is committed to a world-class customer service experience. We measure uptime and response time to ensure that customers have a reliable and quick connection to our servers. It is part of our ongoing mission to provide Anaplanners with an environment that is accessible from any device and enables them to respond to changing business dynamics. Our Technical Operations team monitors these test results to ensure we are providing the best service to all our customers

Security Highlights


Running and recalculating models in-memory requires special handling to provide resilience against server failure. A key component of our server architecture is a roll-forward transaction log to deliver security without loss of speed and to enable models to be recovered without data loss following server failure.


Anaplan provides complete application-layer security, including data encryption on-the-wire, secure authentication protocols, and robust access control and authorization for managing user rights. We only deliver pure HTML and JavaScript to your browser—desktops do not require any changes, special permissions, or additional client-side application installations.


The Anaplan client JavaScript code has no direct access to the local hard disk. Once the file has been identified, it is submitted by the browser to the server over the encrypted session using HTTPS/TLS 1.2. Key exchange is done via the browser using 2048-bit certificates. Session key length is negotiated by the end user browser using the strongest available encryption. All data transfers between client and server are encrypted end-to-end using TLS for all connections, both browser and API.


Anaplan undergoes SOC 2 audits twice per year, as well as SOC 1 audits at least annually. The audits are conducted by an independent, third-party auditing firm. Anaplan recently completed the Cloud Security Alliance STAR self-assessment. A copy is available for download here.


All data is backed up to multiple storage devices and backup facilities on a rotating schedule of incremental and full backups. The backups are copied over secure links to encrypted storage units.


Anaplan uses one of the world’s best hosting providers, Equinix. Within each hosting location, we own and control our hardware and software. This enables us to partner with leaders in hosting while also having the flexibility to use the best technologies for an optimal customer experience. Our Equinix International Business Exchange™ (IBX®) data centers are ISO 27k certified and SOC audited.


Anaplan’s privacy policies are based on the ISO 27018 standard. Anaplan’s privacy program is audited and certified by TRUSTe. Anaplan’s privacy policy is published online here. Anaplan is certified under EU-U.S. and Swiss-U.S. Safe Harbor Programs and is registered with the U.S. Department of Commerce’s Safe Harbor Program.