Trust

OutSystems undergoes regular verification of security and compliance controls enabling you to fulfil your policies and to keep your data private. Meet your requirements using OutSystems.

Trust

SOC 2 Compliance

OutSystems is SOC 2 compliant. Service Organization Controls (SOC) reports demonstrate our commitment to securing your data. The AICPA defines their purpose as follows:

“A Software-as-a-Service (SaaS) or Cloud Service Organization that offers virtualized computing environments or services for user entities and wishes to assure its customers that the service organization maintains the confidentiality of its customers’ information in a secure manner and that the information will be available when it is needed.”

Our SOC 2 report is available to customers under NDA and can be accessed by contacting your account manager.

Download our SOC 3 report

ISO 27001 and ISO 22301 Certification

OutSystems is certified to be compliant with the ISO 27001 and ISO 22301 standards, two key international standards governing information security management and business continuity management. Adherence to these standards assures that your data and services are protected to the fullest extent possible.

ISO 27001 is the international standard for information security management. ISO 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information security risks. By implementing the standard, organizations can identify security risks and put controls in place to manage or eliminate them, gain stakeholder and customer trust that their confidential data is protected, and help achieve preferred supplier status helping to win new business.

Download our ISO 27001 Certification

ISO 22301 specifies the requirements for a management system to protect against, reduce the likelihood of and ensure your business recovers from disruptive incidents. ISO 22301 specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.

Download our ISO 22301 Certification

ISO 27017 and ISO 27018 Certification

OutSystems is certified to be compliant with the ISO 27017 and ISO 27018 standards, defining security requirements for today’s fastest-growing industry – cloud computing.

ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards. It demonstrates OutSystems ongoing commitment with globally-recognized best practices to make cloud services as safe and secure as the rest of the data included in our certified information management system.

Download our ISO 27017 Certification

ISO 27018 is a code of practice that focuses on protection of personal data in the cloud. It provides implementation guidance on controls applicable to public cloud Personally Identifiable Information (PII). The third-party assessment of this internationally recognized code of practice demonstrates our commitment to the privacy and protection of customers' data, ensuring that their data will only be used for the agreed purposes.

Download our ISO 27018 Certification

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.”

As part of our commitment to security best practices in cloud computing, OutSystems is a member of the CSA. In addition, we have completed the CSA STAR Self-Assessment and published the results to their website. This is the latest CAIQ (v3) released by the CSA.

PCI Data Security Standard SAQ A

PCI DSS SAQ A was developed to address requirements applicable to merchants whose cardholder data functions are completely outsourced to validated third parties. OutSystems Sentry is compliant with PCI DSS v3.2, SAQ A for e-commerce applications that integrate with external payment processors.

Privacy and Data Protection

OutSystems applies industry-standard procedures to safeguard the confidentiality of the data stored by the applications hosted in the OutSystems Cloud.

  • We carefully control employee access to your data and applications based on the task being performed.
  • Customers can choose the region for their data to comply with data residency regulations.
  • You can access your own customer data at any time with your own tools during your OutSystems Cloud subscription. If you end your OutSystems Cloud subscription, established standards and processes govern how we remove your customer data.

Learn more about privacy and data protection

Read our privacy statement

GDPR at OutSystems

"OutSystems has an extensive track record meeting strict security requirements in heavily regulated industries such as financial, healthcare, and defense. We are constantly looking for ways to strengthen the trust relationship with our customers through increased transparency and security controls."José Casinha, OutSystems CISO