search icon

Looking for scheduled maintenance or outage information for online products? Check the Sage Status site.

Security at Sage

Keep your data and business secure with Sage. Security is built into our products from the outset, keeping you compliant, up-to-date, and protected against the latest cyber threats.

Our values

Our customers trust Sage with the responsibility of protecting their business. We keep your data safe and secure, so you can focus on running your business. 


We ensure the integrity of your data.


We strip away the complexity of cyber security. 


Great security means you can run your business with confidence.

Security controls that give you peace of mind


Secure code, encryption, firewalls, penetration testing, state of the art threat detection, and seamless data back-ups. At Sage, we are committed to maintaining the confidentiality, integrity, and availability of your data and business systems.

Cloud security that enables you to succeed in the digital world


The cloud enables you to run a successful business in the digital world and safeguard against cyber criminals, with all your data backed up and accessible from any device, at any time.

Sage Business Cloud means our global security team and state of the art security capabilities are protecting your data 24/7, so you can focus on running your business.

Secure software development


Our security starts before a line of code is ever written and is integrated through the complete lifecycle of product development. We use the highest industry standards for secure coding and all our products receive robust security testing.

We collaborate with security researchers worldwide and strongly believe in Responsible Vulnerability Disclosure. Read our Responsible Disclosure Policy and our Bug Bounty Programme for more information.

We use 2FA to help keep our systems, and the data we hold on them, safe.

2FA requires two methods to verify your identity. It relies on the concept of something you know, for example a password, and something you have, like a token or an app, to keep your data even more secure.

Customers control authentication requirements

Products can either compel 2FA for all users or let customers control authentication requirements for their users.

Authentication is customisable

Products can request additional authentication prior to any sensitive or high-risk activity, not just at login. 

Friction is recognised

We recognize that our products must provide options for our customers to balance security with a high-quality user experience.

Frequently asked questions about security

Yes, we have ISO27001 and SOC2 certifications across Sage Business Cloud products. 

State-of-the-art monitoring systems are used across Sage networks and cloud services to detect common types of attacks. Every production environment is monitored continually for potentially malicious activity by the Sage 24/7 Cyber Defence Operations Team.

All Sage code is subject to code reviews, where code is checked by people who did not write it. Sage also follows the guidelines set out in the Open Web Application Security Project (OWASP) Top Ten which is internationally recognised research on the top ten most important security risks affecting software and web applications. Sage product engineers are trained in security to ensure they have all the skills they need to meet our stringent standards.

Yes, alongside a range of offensive security techniques. All products are subject to a penetration testing cycle and any vulnerabilities are rectified in line with industry best practice. Find more information about penetration testing and offensive security at Sage.

Yes, our services use the  latest versions of a technology called Transport Layer Security, also known as TLS. You can click on the padlock symbol on your chosen web browser to confirm this. This protects your data while it is travelling over the internet and is called 'encryption-in-transit'.

Your data is also encrypted while stored in Sage databases in the cloud. This means if someone were to take disk drives from a datacentre they would be unable to read the data. This is called 'encryption-at-rest'.

2-factor authentication adds extra security to your Sage account. With 2-factor authentication, you'll need to enter a one-time code after entering your email address and password to log in.

You can set up 2-factor authentication in Account Management. Select 2-factor authentication to start setup. You'll need a mobile device or phone to complete 2-factor authentication.
For more information about 2-factor authentication, go to our support article.

Report a security vulnerability

If you would like to report a vulnerability or have a security concern regarding Sage cloud products or services please contact us.

Give Feedback