ISO 9001 Global Quality Standard
ISO 9001:2015 outlines a process-oriented approach to documenting and reviewing the structure, responsibilities, and procedures required to achieve effective quality management within an organization.
Specific sections of the standard contain information on topics such as:
- Requirements for a quality management system, including documentation of a quality manual, document control, and determining process interactions
- Responsibilities of management
- Management of resources, including human resources and an organization’s work environment
- Service development, including the steps from design to delivery
- Customer satisfaction
- Measurement, analysis, and improvement of the QMS through activities like internal audits and corrective and preventive actions
The key to the ongoing certification under this standard is establishing, maintaining, and improving the organizational structure, responsibilities, procedures, processes, and resources in a manner where Axway products and services consistently satisfy ISO 9001 quality requirements.
Yes. Axway has undergone a systematic, independent examination of our quality system to determine whether the activities and activity outputs comply with ISO 9001 requirements. A certifying agent found our QMS to comply with the requirements of ISO 9001 for the activities described in the scope of registration.
Axway’s ISO 9001 certification directly supports customers who develop, migrate, and operate their quality-controlled IT systems with Axway products and services. Customers can leverage Axway’s compliance reports as evidence for their own ISO 9001 programs and industry-specific quality programs, such as GxP in life sciences, ISO 13485 in medical devices, AS9100 in aerospace, and ISO/TS 16949 in automotive. Axway customers who do not have quality system requirements will still benefit from the additional assurance and transparency that an ISO 9001 certification provides.
The covered Axway services that are in scope for the ISO 9001 certification are
- Customer Support Services
- Professional Services and Training
- Cloud Managed Services
If you would like to learn more about using these services and/or have interest in other services, please contact us.
Axway's ISO 9001 accreditation includes services that are provided from our locations in France, Italy, Germany, and the United States of America.
Quality is defined as our services’, products’, and feature’s ability to satisfy the requirements of customers on completeness of delivery, accuracy, confidentiality, availability, integrity, and security.
The certification covers the quality management system over a specified scope of Axway services and Regions of operations. If you are pursuing ISO 9001 certification while operating all or part of your IT systems with Axway product and services, you are not automatically certified by association, however, using an ISO 9001 certified provider like Axway can make your certification process easier.
The ISO 9001 standard along with many other security, economic, environmental, and social standards are available on the ISO website. ISO has made the decision to copyright these standards to help fund the processes leading to development.ISO 9001 Standard
ISO 27001 Security Management Controls
ISO 27001:2022 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS) which defines how Axway perpetually manages security in a holistic, comprehensive manner. This widely recognized international security standard specifies that Axway do the following:
- We systematically evaluate our information security risks, considering the impact of threats and vulnerabilities.
- We design and implement a comprehensive suite of information security controls and other forms of risk management to address customer and architecture security risks.
- We have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.
Axway has certification for compliance with ISO 27001 for our Cloud Managed Services and our Technical Customer Support Services. This certification is performed by independent third-party auditors. Our compliance with this internationally recognized standard and code of practice is evidence of our commitment to information security at every level of our organization, and that the Axway security program is in accordance with industry leading best practices.
The following Enterprise Cloud Managed Services and Technical Customer Support Services teams have been certified:
- Phoenix, USA
- Paris, France
- Berlin, Germany (Cloud Managed Services only)
- Sofia, Bulgaria
- Bucharest, Romania
Only the sites and teams listed above are certified. However, since all Axway teams follow the same security policies and procedures defined in the Axway Information Security Management System, Axway is generally compliant with ISO 27001 standard.
Your organization is not automatically certified by association. However, if you are pursuing ISO/IEC 27001:2013 certification while operating part or all your IT in the Axway Managed Cloud, the Axway certification may make it easier for you to certify. The ISO/IEC 27001:2013 certification for Axway covers the Axway security management process over a specified scope of services.
The ISO 27001 standard along with many other security, economic, environmental, and social standards are available on the ISO website. ISO has made the decision to copyright these standards to help fund the processes leading to development. ISO 27001 Standard
Axway System and Organization Controls (SOC) Reports are independent third-party examination reports that demonstrate how Axway achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Axway controls established to support operations and compliance.
The following services have been audited:
- Cloud Managed Services
- SaaS Services
A SOC 3 Report is a public facing report demonstrating Axway has met the AICPA Trust Services Security, Availability, and Confidentiality Principles and Criteria A SOC 2 Report is a description of the Axway control environment and external audit of Axway defined controls and objectives
SSAE No. 18, Attestation Standards: Clarification and Recodification, which includes AT-C section 105, Concepts Common to All Attestation Engagements, and AT-C section 205, Examination Engagements TSP section 100A, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, 2017 Trust Services Criteria)
To provide customers and users with a business need with an independent assessment of Axway’s control environment relevant to system security, availability, and confidentiality.
SOC 2 audits are targeted at organizations that provide services and systems to client organizations (for example, Cloud computing, Software as a Service, Platform as a Service). The client company may ask the service organization to provide an assurance audit report, particularly if confidential or private data is being entrusted to the service organization.
12 Months: October 1 - September 30 (approximate)
SOC 3 reports are publicly available and do not require an NDA.
SOC 2 reports include Axway confidential information and require an NDA.
Axway maintains a SOC 3 Report that may be downloaded here:
Axway maintains one SOC 2 Report:
- Axway SOC 2 Report for Axway (CMS) and SaaS - Type 2 SOC 2 - Report
Send a request to your Axway CSO representative for the report if needed. Ensure that you, the customer, has a current signed NDA with Axway.