Unattend Robot Security Controls

Hi.

Not sure if this is the correct category… but here goes.
My organization is interested in deploying UiPath (any version) for unattended RPA. Our security department has given me a list of primary security controls.
Our processes all require logins; eg PeopleSoft.

Here are initial controls:
• Implement script review/change control process.
• Implement segregation of duties principle. To mitigate fraud risks, RPA script developers should not be able to run the bots in operations. Conversely, human supervisors of bot operations should not be able to define and develop RPA scripts.
• Encrypt data at rest (including credentials)
• Encrypt data in motion/transit.
• Create separate service accounts for different tasks
• Do not hardcode credentials in RPA scripts
• Enable logging for audit trail
• Lockdown bots.

Can UiPath handle the controls?

Thanks.

Yes Uipath can control few. But we need to take care of remaining. :slightly_smiling_face:

• Implement script review/change control process. - We need to take care of script review. For change control Uipath have version control.
• Implement segregation of duties principle. To mitigate fraud risks, RPA script developers should not be able to run the bots in operations. Conversely, human supervisors of bot operations_emphasized text_ should not be able to define and develop RPA scripts. - You should have development and production environment seperately.
• Encrypt data at rest (including credentials) - Uipath Orchestrator have this feature.
• Encrypt data in motion/transit.- You can use Queues or your own web services.
• Create separate service accounts for different tasks - You need to take care of this.
• Do not hardcode credentials in RPA scripts - If you have Orchestrator licence, you can use assets to save credentials. Or you can use cyberarc, database etc.
• Enable logging for audit trail - Available in Orchestrator.
• Lockdown bots - When you run unattended bots from Orchestrator it is always locked.

Awesome thanks, for your reply.