Security

Our priority: your security

Software AG's goal is to provide you with high-quality software and also the best possible security for your daily work. Especially, when using a hosted software service, it's indispensable that you can rely completely on us.

Cloud information security management system

Securing Software AG Cloud with the highest industry standards

The ISO/IEC 27000 standards series is a widely recognized set of international security standard that specifies security management best practices and comprehensive security controls. The foundation of this certification is the development and implementation of a Cloud Information Security Management System (ISMS).

The Software AG Cloud ISMS defines our approach to managing security for cloud services in a holistic, comprehensive manner and provides a suite of information security measures to:

• Protect cloud information assets from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction
• Proactively identify security risks, prevent, detect and respond to security breaches and violations
• Comply with legal, regulatory and contractual requirements
• Adopt an overarching management process to ensure information security controls meet information security needs on an ongoing basis

The independent third-party auditors assessment, which validates compliance with the ISO/IEC 27001 standard, provides evidence that the Software AG Cloud ISMS is comprehensive and in accordance with industry-leading best practices.

Software AG has certification for compliance with ISO/IEC 27001:2013, ISO/IEC 27017:2015, and ISO/IEC 27018:2019. The standard cloud services in scope are listed in the certification scope statement.

See certificates:

• ISO 27001 Cloud Information Management System certified by DQS (English)
• ISO 27001 Cloud Information Management System certified by DQS (German)
• ISO 27017 Code of Practice for Information Security Controls for Cloud Services certified by DQS (English)
• ISO 27017 Code of Practice for Information Security Controls for Cloud Services certified by DQS (German)
• ISO 27018 Code of Practice for Protecting Personal Data in the Cloud certified by DQS (English)
• ISO 27018 Code of Practice for Protecting Personal Data in the Cloud certified by DQS (German)
• ISO 27001 IQNet Cloud Information Management System (English)

Service Organization Controls (SOC) Compliance Reports

SOC reports are independent third-party examination reports that demonstrate how Software AG achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand Software AG controls established to support operations and compliance.

• SOC 3 Security and Availability Report on ARIS Cloud
• SOC 3 Security and Availability Report on webMethods Integration Cloud
• SOC 3 Security and Availability Report on Alfabet Cloud