ISO-certified because your business depends on us
Quality Management System
Our ISO 9001-certified Quality Management System (QMS) is foundational for assuring high customer satisfaction, delivering the best-quality services and software as well as making continuous improvements. As part of our QMS, our system for Product Development, Professional Services and Global Support describes the processes, roles and rules that guide the daily work of every employee and how critical assets are secured. This framework:
The QMS is foundation of our Integrated Management System (IMS). See certificates:
Business Continuity Management System
Our ISO 22301-certified Business Continuity Management System incorporates an extraordinary degree of digitalization with best-practice governance processes, incident response teams and co-location of critical infrastructure and applications. This assures critical systems are available for our customers so they can meet their compliance requirements. Customers are guaranteed to get the services they need, quickly and effectively, even in a crisis situation. We continually align our Business Continuity Management System to changing requirements, review it regularly and improve continuously its efficiency. See certificates:
Cloud Information Security Management System
The ISO/IEC 27000 standards series is a widely recognized set of international security standard that specifies security management best practices and comprehensive security controls. The foundation of this certification is the development and implementation of a Cloud Information Security Management System (ISMS).
The Software AG Cloud ISMS defines our approach to managing security for cloud services in a holistic, comprehensive manner and provides a suite of information security measures to:
The independent third-party auditors assessment, which validates compliance with the ISO/IEC 27001 standard, provides evidence that the Software AG Cloud ISMS is comprehensive and in accordance with industry-leading best practices.
Software AG has certification for compliance with ISO/IEC 27001:2013, ISO/IEC 27017:2015, and ISO/IEC 27018:2019. The standard cloud services in scope are listed in the certification scope statement. See certificates:
Service Organization Controls (SOC)
SOC reports are independent third-party examination reports that demonstrate how Software AG achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand Software AG controls established to support operations and compliance.
The ENX Association supports with TISAX (Trusted Information Security Assessment Exchange) on behalf of VDA the common acceptance of Information Security Assessments in the automotive industry. The TISAX Assessments are conducted by audit providers that demonstrate their qualification at regular intervals. TISAX and TISAX results are not intended for general public.
Software AG follows the question catalogue of information security of the German Association of the Automotive Industry (VDA ISA Version 5). The result is exclusively retrievable over the ENX portal https://portal.enx.com/en-US/TISAX/tisaxassessmentresults for already registered TISAX participants with the following information: