This statement is issued to support Axway’s Security Policy which defines the security framework at Axway. It declares Axway’s commitment to provide products and services that meet or exceed our external and internal customers’ security requirements and to continually improve our efficiency and effectiveness in doing so.
Security at Axway is designed, operated and controlled to continually assure that:
- Axway’s infrastructures and assets are protected;
- Customer data that are stored and processed as part of the SaaS and Cloud services we provide are protected;
- Products and services that Axway builds and sells are secured by design and tested to comply with industry level security best practices;
- Axway complies with data protection regulations, including EU GDPR and US HIPAA.
Axway Security Policies and Procedures: All security policies and procedures are documented as part of our Information Security Management System (ISMS) and Axway employees and contractors, acting on Axway’s behalf, are required to cooperate and support Axway’s pursuit of security and continual improvement and to adhere to the policies and procedures contained within the ISMS.
Certifications and Audits: Axway maintains several certification programs and is audited annually by reputable external companies on security standards including:
- ISO 27001:2013;
- AICPA/SOC2 type II;
- Common Criteria.
Axway is also regularly audited by many of our customers. We respond to these audits seriously and value the feedback from our customers. The audit findings are remediated by Corrective Actions, entered in our CAPA management system, and we work with our customers to develop agreeable action plans to make any improvements needed with our processes.
Secure Software Development Lifecycle: Axway continually examines security tools and methodologies. Our SSDL methodologies and processes include concepts developed by BSIMM (Build Security-In Maturity Model) and OpenSAMM (Open Source Software Assurance Maturity Model). Axway’s SSDL defines a security level or security bar to be reached by each Axway product before being released to our customers. Our security controls include:
- Security of communication protocols;
- Third party components analysis;
- Attack surface analysis;
- Dynamic analysis;
- Static analysis;
- Container analysis.
Penetration Tests: Axway performs its own penetration testing as needed by security requirements and works with customers to organize specific penetration tests as required by their company’s requirements.
Data Protection: Axway maintains HIPAA and GDPR compliance through a thorough set of policies and procedures which guide best practice behavior of our IT and consulting organizations, provide processes for risk assessment and risk management, and drive action plans to resolve issues in a timely manner.
Other Compliance Programs: In parallel with our Security Management Program, Axway has an active Quality Management Program, driven by the requirements of ISO 9001:2015. Axway maintains certification for ISO 9001 that covers our Customer Success Organization (Technical Support, Professional Services, Managed Cloud Services).
Vice-President Process, Security and Compliance,
Chief Information Security Officer