Your data is as important to us as it is to you. The SAP Fieldglass Information Security Management System (ISMS) helps to ensure your data remains secure. We proudly provide the following certifications to our customers.
C5 Attestation for European Union / Germany
BSI C5 is a Cloud Computing Compliance Controls Catalog (C5) of Security Recommendations for Cloud Providers issued in Germany by the Federal Office for Information Security (BSI) to help organizations demonstrate operational security against common cyber-attacks.
ISO 9001:2015 Certified
ISO 9001 is the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.
Since 2011, our ISO certification standard mandates the requirements for bringing information security under explicit control. The scope of our ISMS includes both our corporate headquarters and R&D technology center where all software planning, design, development, testing, and support activities are performed. In 2016, we attained ISO 27018:2014 compliance to further demonstrate our commitment to protecting Personally Identifiable Information (PII) in the cloud computing environment. SAP Fieldglass has:
- Examined our information security risks considering all threats, vulnerabilities, and impacts.
- Implemented a formal ISMS based on continuous improvement.
- Formalized management’s oversight of the entire security program.
- Established controls to specifically address the protection of personal data in the cloud.
In 2016, SAP Fieldglass obtained the CSA STAR Certification. This systematic third party independent assessment evaluates the security of a cloud service provider. The ISO 27001:2013 requirements together with the Cloud Security Alliance Cloud Controls Matrix criteria are leveraged to measure the maturity of a cloud provider’s security posture against five management principles.
Since 2005, SAP Fieldglass has undergone rigorous auditing of our internal controls. A SOC 1 is an audit of the operating effectiveness of our internal control environment. Internal controls include, but are not limited to, employee background checks, physical and logical access controls, the entire Systems Development Life-Cycle (SDLC) and, IT change control. This report serves as a window into how we operate as a service provider.
SOC 1 Type 2 assessments provide independent third-party verification as to whether control activities were suitably designed and operating effectively during the audit period. SAP Fieldglass operates on a 12-month audit period. The scope of the audit includes both our corporate headquarters and R&D technology center where all software planning, design, development, testing, and support activities are performed.
Our SOC 1 Type 2 audit is conducted in accordance with the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402). This single report is designed to satisfy both domestic and overseas customers.
A SOC 2 report is similar to a SOC 1 but does have some key differences. A SOC 1 is self-defined by the service provider and is not held to any industry standard. A SOC 2 is designed to evaluate service providers such as SAP Fieldglass against pre-defined control criteria based on the American Institute of Certified Public Accountants' (AICPA) Trust Services Principles.
SAP Fieldglass has successfully completed a Type 2 audit against the following principles:
- Security – The system is protected against unauthorized access, use, or modification.
- Availability – The system is available for operation and use as committed or agreed.
- Confidentiality – Information designated as confidential is protected as committed or agreed.
- Privacy – Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and CICA.
SAP Fieldglass management understands the ever-increasing importance of corporate governance, as well as the impact of the organization’s services on our clients’ system of internal controls. The successful completion of the SOC 2 examination is only part of SAP Fieldglass continued commitment to maintaining a high level of internal control.