1. Is the UIPATH/solution PCI-DSS Compliant?
2. Is the product/UiPath ISO-27001?
Yes. UiPath software is not a direct processor of credit or debit card transactions, so does not need to be certified under PCI-DSS, as it is out of scope. Given that the platform could help in financial business processes, all data is encrypted in transit. UiPath supplies cryptographic activities to encrypt data in use and at rest. Additionally, role-based access controls allow customers to control who has access to any data that a customer may choose to store in Orchestrator tenants. Developers are also provided the ability to set any action in automation as private, to prevent the logging of sensitive data.
UiPath is certified against ISO 27001 and has been since 2016. We are currently undergoing the process to include our cloud products in our certification. We anticipate achieving this certification in Q2 2020.