OutSystems undergoes regular verification of security and compliance controls enabling you to fulfil your policies and to keep your data private. Meet your requirements using OutSystems.
SOC 2 Compliance
OutSystems is SOC 2 compliant. Service Organization Controls (SOC) reports demonstrate our commitment to securing your data. The AICPA defines their purpose as follows:
“A Software-as-a-Service (SaaS) or Cloud Service Organization that offers virtualized computing environments or services for user entities and wishes to assure its customers that the service organization maintains the confidentiality of its customers’ information in a secure manner and that the information will be available when it is needed.”
Our SOC 2 report is available to customers under NDA and can be accessed by contacting your account manager.
ISO 27001 and ISO 22301 Certification
OutSystems is certified to be compliant with the ISO 27001 and ISO 22301 standards, two key international standards governing information security management and business continuity management. Adherence to these standards assures that your data and services are protected to the fullest extent possible.
ISO 27001 is the international standard for information security management. ISO 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information security risks. By implementing the standard, organizations can identify security risks and put controls in place to manage or eliminate them, gain stakeholder and customer trust that their confidential data is protected, and help achieve preferred supplier status helping to win new business.
ISO 22301 specifies the requirements for a management system to protect against, reduce the likelihood of and ensure your business recovers from disruptive incidents. ISO 22301 specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
ISO 27017 and ISO 27018 Certification
OutSystems is certified to be compliant with the ISO 27017 and ISO 27018 standards, defining security requirements for today’s fastest-growing industry – cloud computing.
ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards. It demonstrates OutSystems ongoing commitment with globally-recognized best practices to make cloud services as safe and secure as the rest of the data included in our certified information management system.
ISO 27018 is a code of practice that focuses on protection of personal data in the cloud. It provides implementation guidance on controls applicable to public cloud Personally Identifiable Information (PII). The third-party assessment of this internationally recognized code of practice demonstrates our commitment to the privacy and protection of customers' data, ensuring that their data will only be used for the agreed purposes.
Cloud Security Alliance (CSA)
Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.”
As part of our commitment to security best practices in cloud computing, OutSystems is a member of the CSA. In addition, we have completed the CSA STAR Self-Assessment and published the results to their website. This is the latest CAIQ (v3) released by the CSA.
PCI Data Security Standard SAQ A
PCI DSS SAQ A was developed to address requirements applicable to merchants whose cardholder data functions are completely outsourced to validated third parties. OutSystems Sentry is compliant with PCI DSS v3.2, SAQ A for e-commerce applications that integrate with external payment processors.