En

Sherpa RPA#

Data Collection#

Sherpa RPA does not collect any personal user data and does not store it in its database unless explicitly specified by the developed robot's script.

The solution supports centralized collection and storage of logs, allowing for real-time monitoring of system activity. Actions are recorded in local log files or sent to Sherpa Orchestrator if it has been connected to Sherpa Robot. Logs include authentication data, robot operations, configuration changes, and any other actions performed in the system. This facilitates the auditing process and timely detection of anomalies.

Data Protection#

All components of the solution use the AES-256 encryption algorithm to protect confidential data, which is a modern and reliable standard for ensuring data security.

A robust hash algorithm SHA256 is used for signing installation packages.

All data transmission is carried out over secure channels using the TLS 1.3 protocol, which provides a high level of protection against interception and attacks. The solution also supports compatibility with SSL3, TLS 1.1, TLS 1.2, and TLS 1.3 protocols to ensure maximum flexibility when integrating with various systems.

To ensure secure data exchange between system accounts, robots can operate under separate, isolated accounts with minimal privileges. This eliminates the need to grant administrative rights, significantly reducing the risk of system compromise in the event of a successful attack on one of the accounts.

The security of third-party service authentication is ensured by the user's computer and service providers. Authentication data for third-party services is not transmitted to Sherpa RPA servers and is not stored there.

Authentication and Authorization#

When using the solution in conjunction with Sherpa Orchestrator, advanced authentication and authorization mechanisms are applied on the server, preventing unauthorized access. These mechanisms include support for integration with LDAP/OpenID and other modern access control methods.

Vulnerability Remediation#

Upon discovering a vulnerability in any of our solutions, we, as the vendor, promptly notify users by sending emails to their addresses. These emails contain information about the issue, timelines for resolution, and instructions for necessary actions to address it.

Vulnerability Remediation Timelines#

  1. Medium-level vulnerabilities are resolved within 30 calendar days.

  2. High and critical-level vulnerabilities are resolved within 7 calendar days.

Operation in a Closed Network#

All components of the platform can operate in a closed network without Internet access. Some individual cloud functions and third-party service features may require Internet access if you plan to use them. In such cases, Internet access should be provided only for the addresses of these services. To activate licenses for platform components in a closed network without Internet access, use offline activation, which involves exchanging a request code and a response code with Sherpa RPA Technical Support. You can send the request code and receive the response code at support@sherparpa.ru. You can also provide the platform components access to the Sherpa licensing server located at https://sherpa.wiregeo.com, port 443. This will allow for automatic activation of Sherpa RPA licenses and the use of features such as Smart Assistant and requests to neural networks OpenAI, Sber GigaChat, YandexGPT, Groq, Claude.

Backup of the Solution (Sherpa Designer + Sherpa Robot)#

To ensure backup of all solution data, it is recommended to add the following path to your backup program:

C:\Users\User\AppData\Roaming\Sherpa RPA Data\.