Security

Our priority: your security

Software AG’s goal is to provide you with high-quality software and also the best possible security for your daily work. Especially, when using a hosted software service, it’s indispensable that you can rely completely on us.

Cloud information security management system

Securing Software AG Cloud with the highest industry standards

ISO/IEC 27001 is a widely recognized international security standard that specifies security management best practices and comprehensive security controls. The foundation of this certification is the development and implementation of an Information Security Management System (ISMS).

The Software AG Cloud ISMS defines our approach to managing security for cloud services in a holistic, comprehensive manner and provides a suite of information security measures to:

• Protect cloud information assets from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction
• Proactively identify security risks, prevent, detect and respond to security breaches and violations
• Comply with legal, regulatory and contractual requirements
• Adopt an overarching management process to ensure information security controls meet information security needs on an ongoing basis

See certificates:

• ISO 27001 Cloud Information Management System certified by DQS (English)
• ISO 27001 Cloud Information Management System certified by DQS (German)
• ISO 27001 IQNet Cloud Information Management System (English)

Software AG’s implementation of and alignment with ISO 27001 for cloud services demonstrates a commitment to information security at every level of the organization. Software AG is assessed by an independent third-party auditor to validate alignment with the ISO 27001 standard. Compliance with this internationally recognized standard is evidence that the Software AG cloud security program is comprehensive and in accordance with industry-leading best practices. The standard cloud services in scope of the ISO 27001 certification currently include operations for Alfabet, ARIS, webMethods DynamicApps (Agile Edition), webMethods API and webMethods Integration. All other components of Software AG Cloud will be added to the scope of the ISMS during 2019.

Service Organization Controls (SOC) Compliance Reports

SOC Reports are independent third-party examination reports that demonstrate how Software AG achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand Software AG controls established to support operations and compliance.

• SOC 3 Security and Availability Report on ARIS Cloud
• SOC 3 Security and Availability Report on webMethods Cloud
• SOC 3 Security and Availability Report on Alfabet Cloud