Q: Does Nagios have provisions regarding disposition of data upon request and when a contract ends?

Yes. Nagios Enterprises is compliant with all global security and data practice regulations, including GDPR. Because we do not host customer data, we have significantly less customer information than other monitoring solutions, and we can easily remove any data at a customer’s request and/or when a contract is terminated

Q: Is the infrastructure actively monitored and maintained by system administrators?

Yes. We have a dedicated team of in-house staff who monitor and maintain the infrastructure around the clock.

Q: What is your backup methodology for databases and web application servers? What about a disaster recovery plan?

Nagios solutions include full system backups and data backups, including databases. Our licensing options allows you to implement your preferred High Availability/Disaster Recovery plan within seconds.

Q: What is the turnaround time for system retrievability and activation if a disaster event occurs?

Due to the inherent flexibility and customization of Nagios, the SLA will largely depend on your internal operations. Nagios solutions allow for immediate solutions to be activated depending on your preferences. As Nagios solutions exist within your own environment, many of these factors can be customized to best suit the needs of your specific organization.

Q: Do you have the capability to logically segment and recover data for a specific customer in the case of a failure or data loss?

No, we do not. We don’t have access to your data.

Q: Do you notify customers on security incidents that impact them?

Yes, we immediately notify customers of any incident that could affect them. However, because we don’t hold onto customer data, there’s no opportunity for sensitive information to be put at risk. Security vulnerabilities that have been addressed in our product can be found on our Security Disclosures page.

Q: Is there a clearly defined change management process governing scheduled changes to minimize disruptions?

Yes. We release patches and updates on an as-needed basis. Check out our Security Disclosures page for more information.

Q: How do you let your customers know about code changes?

You can see the latest code changes by visiting Nagios XI Change Log page. When relevant, we’ll also update the Security Disclosures page. In addition, changes are communicated within the product itself through alerts and prompts when there is an update or enhancement available.

Q: Can you describe your quality assurance or testing process?

We test our product updates against all operating systems we support. Our dedicated, in-house team continuously looks for bugs using several automated and manual processes. All our product releases endure a strict testing process before release.

Question 1

Does Nagios have provisions regarding disposition of data upon request and when a contract ends?

Accepted Answer

Yes. Nagios Enterprises is compliant with global security and data practice regulations (including GDPR). Because Nagios does not host customer data, we can remove any data at a customer’s request or when a contract ends. In practice, this means we have significantly less customer information than other monitoring solutions and a straightforward process.

Question 2

Is the infrastructure actively monitored and maintained by system administrators?

Accepted Answer

Yes. Nagios has a dedicated in-house team that continuously monitors and maintains the infrastructure around the clock.

Question 3

What is your backup methodology for databases and web application servers? What about a disaster recovery plan?

Accepted Answer

Nagios Monitoring Solutions include full system backups and data backups, including databases. Our licensing options allows you to implement your preferred High Availability/Disaster Recovery plan within seconds.

Question 4

What is the turnaround time for system retrievability if a disaster occurs?

Accepted Answer

Turnaround time for system retrievability and activation largely depens on your internal operations and disaster recovery planning. Since Nagios Monitoring Solutions operate within your own environment, recovery actions can be activated immediately and customized to align with your organization’s specific requirements and response procedures.

Question 5

Do you have the capability to logically segment and recover data for a specific customer in the event of a failure or data loss?

Accepted Answer

No, we do not. Nagios does not have access to customer data and therefore cannot segment or recover it in case of failure.

Question 6

Do you notify customers about security incidents that impact them?

Accepted Answer

Yes, Nagios immediately notifies customers of any security incident that could affect them. Because Nagios does not retain customer data, there’s minimal risk that sensitive information would be exposed. Security vulnerabilities that have been addressed in our product are listed on the security disclosures page.

Question 7

Is there a clearly defined change management process governing scheduled changes to minimize disruptions?

Accepted Answer

Yes. Nagios releases patches and updates as needed. Visit the security disclosures page for more information.

Question 8

How do you let customers know about code changes?

Accepted Answer

You can see the latest code changes by visiting the changelog. When relevant, we’ll also update the security disclosures. In addition, changes are communicated within the product through alerts and prompts when there is an update or enhancement available.

Question 9

Is there a roadmap of upcoming changes for the next 12 months?

Accepted Answer

Yes, you can find our product roadmap at www.nagios.com/roadmap.

Question 10

Can you describe your quality assurance or testing process?

Accepted Answer

Nagios tests product updates on all supported operating systems. Our dedicated, in-house team continuously looks for bugs using a combination of automated and manual processes. All releases undergo strict internal testing before release.

Question 11

How are new product releases deployed and what is the notification period?

Accepted Answer

For customers actively using our software online, we provide notice of new releases inside the product. Our notification period prior to release will vary depending upon the significance of the update. Our goal is to provide plenty of advance notice and support so changes are as seamless as possible.

Question 12

Do you provide separate environments for production and testing?

Accepted Answer

Yes, and we take it a step further! Each purchase of a Nagios XI, Nagios Network Analyzer, and Nagios Fusion license allows for three installations: one install as the primary monitoring server, one for a testing environment server, and one as a backup/failover disaster recover (DR) server. Only one install may be actively monitoring at any given time. Nagios Log Server allows for two installations for production and test environments.

Question 13

Do you have an information security awareness program for employees and contractors?

Accepted Answer

Yes, all appropriate employees participate in regular internal policy reviews and receive cybersecurity and awareness training.

Question 14

Do you have a formal documented security incident response plan?

Accepted Answer

Yes, Nagios maintains an internal incident response plan that includes procedural and communication steps to notify affected customers, partners, and vendors if a security incident occurs. The documentation itself is not shared externally for security reasons.

Question 15

Do you coordinate incident response activities with customers when cybersecurity risks occur?

Accepted Answer

Yes, if a customer submits a ticket notifying us of an incident, a member of our support team will offer consultation on a case-by-case basis. Nagios does not host customer data, so ticket submission is required to be aware of external incidents.

Protecting Your IT Monitoring Environment

A More Secure IT Monitoring Solution

Cybersecurity Begins with Our Team

We Don't Hold Your Data

Our Code Base is Transparent

Nagios and Application Security Scans

Application-Level Security Scans

Scans with Valid Proof-of-Concept

Scans without Proof-of-Concept

System-Level Scans

Backported Security Fixes

Third-Party Dependencies

Security FAQs