Keep your data and business secure with Sage. Security is built into our products from the outset, keeping you compliant, up-to-date, and protected against the latest cyber threats.
We ensure the integrity of your data.
Secure code, encryption, firewalls, penetration testing, state of the art threat detection, and seamless data back-ups. At Sage, we are committed to maintaining the confidentiality, integrity, and availability of your data and business systems.
The cloud enables you to run a successful business in the digital world and safeguard against cyber criminals, with all your data backed up and accessible from any device, at any time.
Sage Business Cloud means our global security team and state of the art security capabilities are protecting your data 24/7, so you can focus on running your business.
Our security starts before a line of code is ever written and is integrated through the complete lifecycle of product development. We use the highest industry standards for secure coding and all our products receive robust security testing.
We collaborate with security researchers worldwide and strongly believe in Responsible Vulnerability Disclosure. Read our Responsible Disclosure Policy and our Bug Bounty Programme for more information.
Products can either compel 2FA for all users or let customers control authentication requirements for their users.
Products can request additional authentication prior to any sensitive or high-risk activity, not just at login.
We recognize that our products must provide options for our customers to balance security with a high-quality user experience.
Yes, we have ISO27001 and SOC2 certifications across Sage Business Cloud products.
State-of-the-art monitoring systems are used across Sage networks and cloud services to detect common types of attacks. Every production environment is monitored continually for potentially malicious activity by the Sage 24/7 Cyber Defence Operations Team.
All Sage code is subject to code reviews, where code is checked by people who did not write it. Sage also follows the guidelines set out in the Open Web Application Security Project (OWASP) Top Ten which is internationally recognised research on the top ten most important security risks affecting software and web applications. Sage product engineers are trained in security to ensure they have all the skills they need to meet our stringent standards.
Yes, alongside a range of offensive security techniques. All products are subject to a penetration testing cycle and any vulnerabilities are rectified in line with industry best practice. Find more information about penetration testing and offensive security at Sage.
Yes, our services use the latest versions of a technology called Transport Layer Security, also known as TLS. You can click on the padlock symbol on your chosen web browser to confirm this. This protects your data while it is travelling over the internet and is called 'encryption-in-transit'.
Your data is also encrypted while stored in Sage databases in the cloud. This means if someone were to take disk drives from a datacentre they would be unable to read the data. This is called 'encryption-at-rest'.
2-factor authentication adds extra security to your Sage account. With 2-factor authentication, you'll need to enter a one-time code after entering your email address and password to log in.
You can set up 2-factor authentication in Account Management. Select 2-factor authentication to start setup. You'll need a mobile device or phone to complete 2-factor authentication.
For more information about 2-factor authentication, go to our support article.
If you would like to report a vulnerability or have a security concern regarding Sage cloud products or services please contact us.
Give Feedback