Information security
Our Information Security Management Program (ISMP) defines our security framework to define and govern the extensive security measures we have in place. It is based on industry-leading best practices and internationally recognized standards.
Information Security Management System
The ISO/IEC 27000 standards series is a widely recognized set of international security standards that specifies security management best practices and comprehensive security controls. The foundation of this certification is the development and implementation of an Information Security Management System (ISMS).
The Software GmbH ISMS defines our approach to managing security for cloud services in a holistic, comprehensive manner and provides a suite of information security measures to:
- Protect cloud information assets from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction
- Proactively identify security risks, prevent, detect, and respond to security breaches and violations
- Comply with legal, regulatory, and contractual requirements
- Adopt an overarching management process to ensure information security controls meet information security needs on an ongoing basis
The independent third-party auditor assessment, which validates compliance with the ISO/IEC 27001 standard, provides evidence that the Software GmbH ISMS is comprehensive and in accordance with industry-leading best practices.
Software GmbH has certification for compliance with ISO/IEC 27001:2022, ISO/IEC 27017:2015, and ISO/IEC 27018:2019. The standard cloud services in scope are listed in the certification scope statement. See certificates:
For more details about Software GmbH security and compliance program READ FACT SHEET.
Service Organization Controls (SOC)
SOC reports are independent third-party examination reports that demonstrate how Software GmbH achieves key compliance controls and objectives. The purpose of these reports is to help you understand Software GmbH controls established to support operations and compliance.
SOC 3 reports are public reports that provide a high-level overview of an organization's controls and security risks and a summary of the SOC 2 reports:
SOC 2 reports are the detailed restricted-use version of these reports. ARIS Cloud SOC 2 report is available as part of the product specific compliance documents at a private portal (please see navigation “By Product").
For more details about Software GmbH security and compliance program READ FACT SHEET.
TISAX
The ENX Association supports with TISAX (Trusted Information Security Assessment Exchange) on behalf of VDA the common acceptance of Information Security Assessments in the automotive industry. The TISAX Assessments are conducted by audit providers that demonstrate their qualification at regular intervals. TISAX and TISAX results are not intended for general public.
Software GmbH follows the question catalogue of information security of the German Association of the Automotive Industry (VDA ISA Version 5). The result is exclusively retrievable over the ENX portal, at https://portal.enx.com/en-US/TISAX/tisaxassessmentresults, for already registered TISAX participants with the following information:
Scope-ID: S12L3Y
Assessment-ID: A13YLL-1