Your data is as important to us as it is to you. SAP Fieldglass has instituted a world-class Information Security Management System (ISMS) to ensure it remains secure. We proudly provide the following assurances to our customers.
BSI C5 is a Cloud Computing Compliance Controls Catalog (C5) of Security Recommendations for Cloud Providers issued in Germany by the Federal Office for Information Security (BSI) to help organizations demonstrate operational security against common cyber-attacks.
ISO 9001:2015 certified
ISO 9001 is the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.
View certificate for SAP Fieldglass >
Since 2011, our ISO certification has proven that we're serious when it comes to the management of information security. This globally recognized standard mandates the requirements for bringing information security under explicit control. The scope of our ISMS includes both our corporate headquarters and R&D technology center where all software planning, design, development, testing and support activities are performed. In 2016, we attained ISO 27018:2014 compliance to further demonstrate our commitment to protecting Personally Identifiable Information (PII) in the cloud computing environment. Customers can be assured that we have:
- Examined our information security risks considering all threats, vulnerabilities and impacts.
- Implemented a formal ISMS based on continuous improvement.
- Formalized management’s oversight of the entire security program.
- Established controls to specifically address the protection of personal data in the cloud.
In 2016, SAP Fieldglass positioned our organization as a leader in cloud-specific security assurance by obtaining the CSA STAR Certification. This systematic third party independent assessment evaluates the security of a cloud service provider. The ISO 27001:2013 requirements together with the Cloud Security Alliance Cloud Controls Matrix criteria are leveraged to measure the maturity of a cloud provider’s security posture against five management principles.
Since 2005, SAP Fieldglass has undergone rigorous auditing of our internal controls. A SOC 1 is an audit of the operating effectiveness of our internal control environment. Internal controls include, but are not limited to, employee background checks, physical and logical access controls, the entire Systems Development Life-Cycle (SDLC) and IT change control. This report serves as a window into how we operate as a service provider.
SOC 1 Type 2 assessments provide independent third-party verification as to whether control activities were suitably designed and operating effectively during the audit period. SAP Fieldglass operates on a 12-month audit period. The scope of the audit includes both our corporate headquarters and R&D technology center where all software planning, design, development, testing and support activities are performed.
Our SOC 1 Type 2 audit is conducted in accordance with the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402). This single report is designed to satisfy both domestic and overseas customers.
A SOC 2 report is similar to a SOC 1 but does have some key differences. A SOC 1 is self-defined by the service provider and is not held to any industry standard. A SOC 2 is designed to evaluate service providers such as SAP Fieldglass against pre-defined control criteria based on the American Institute of Certified Public Accountants' (AICPA) Trust Services Principles.
SAP Fieldglass has successfully completed a Type 2 audit against the following principles:
- Security – The system is protected against unauthorized access, use or modification.
- Availability – The system is available for operation and use as committed or agreed.
- Processing Integrity – System processing is complete, valid, accurate, timely and authorized.
- Confidentiality – Information designated as confidential is protected as committed or agreed.
- Privacy – Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and CICA.
SAP Fieldglass management understands the ever-increasing importance of corporate governance, as well as the impact of the organization’s services on our clients’ system of internal controls. The successful completion of the SOC 2 examination is only part of SAP Fieldglass continued commitment to maintaining a high level of internal control.
The SAP Fieldglass SOC 3 report is a publically available version of the SOC 2 report. A SOC 2 report includes auditor testing and results, while SOC 3 provides a system description and the auditor’s opinion. You’ll see an overview of our infrastructure, our external auditor's opinion, and SAP Fieldglass management's assertion that we maintain effective control over the system based on the AICPA's Trust Services Security and Availability criteria.