Not sure if this is the correct category… but here goes.
My organization is interested in deploying UiPath (any version) for unattended RPA. Our security department has given me a list of primary security controls.
Our processes all require logins; eg PeopleSoft.
Here are initial controls:
• Implement script review/change control process.
• Implement segregation of duties principle. To mitigate fraud risks, RPA script developers should not be able to run the bots in operations. Conversely, human supervisors of bot operations should not be able to define and develop RPA scripts.
• Encrypt data at rest (including credentials)
• Encrypt data in motion/transit.
• Create separate service accounts for different tasks
• Do not hardcode credentials in RPA scripts
• Enable logging for audit trail
• Lockdown bots.
Can UiPath handle the controls?