Data security principles for Sage.com

Security principles

We take the security of our customers’ data very seriously. That’s why we follow a set of protective measures based on recognised industry best practice. Our approach to security is under continual review to keep pace with the changing threat and technology environment, so we may update the measures described here at any time.

Our dedicated global team is responsible for cyber security at Sage. These security specialists stay up to date on changes by achieving and maintaining recognised industry certifications. We also keep in contact with external bodies, such as national cyber security authorities and privacy regulators. Our senior executives regularly discuss cyber security and are ultimately accountable for security at Sage.

Reference, credit and criminal record checks are carried out on new employees and for necessary roles. Our employment contracts include terms relating to information security to ensure every employee adheres to our security protocols. We also provide rigorous security training to all our employees to make sure they understand and can spot and report risks and security challenges effectively.

We keep track of the different types of data that we handle so that we can ensure it is properly protected. By recording data across all software applications, computers and IT systems we can effectively track it. And we ensure that the protection we use is proportionate to the sensitivity of the data – more sensitive data has extra controls.

We apply rules to control which Sage employees can access customers’ data. We only allow our employees to access customers’ data if it is needed for them to do their job, for example, to provide technical support. We log and record all employees that have access to customers’ data.

Encryption is a way of scrambling data to help keep it secure. We often use encryption to protect our customers’ data, for example when it is being sent over the internet. We issue clear guidelines written by our security specialists for how our employees should use encryption. We make sure that we properly protect passwords and the keys that can be used to read encrypted data.

We use a variety of techniques to help stop security problems being introduced into our software as it is being written, and to find and fix problems before we make our software available for customers to use. All Sage employees involved in writing Sage software are trained in these techniques.

We use a variety of software and hardware tools to make sure that unauthorised people can’t access our customers’ data over the internet or via computers. We keep our IT systems up-to-date and run specialist security tools on them to detect attacks and prevent them becoming infected by viruses or other malicious software.

We use specialist tools to scan computer hardware and software on a regular basis to look for weaknesses that could potentially lead to security problems. If we find these weaknesses, we fix them on a priority basis.

Despite adopting industry best practice, security problems can still happen. When they do, we have clear internal processes to ensure problems are quickly reported and handled by the relevant people. After a problem is fixed, we learn from what happened to try to stop it from happening again.

We store and process our customers’ data in secure ‘data centres’ (usually in the cloud). These data centres are secure and access is restricted to those with appropriate permission. They are also built to be able to withstand fire, flood, lightning strike, power failures or other similar events. As an additional precaution, we often store customers’ data in multiple data centres so that if one is out of action, our products will keep working.

We use third-party companies across our business. Some of these companies handle our customers’ data on behalf of Sage. Before we send data to any third party, we review their approach to information security to make sure that we only rely on companies with good security standards and ensure that we have relevant contractual protections in place.

Explore our pillars

Human by Design

Our Human by Design pillar is our approach to amplifying economic inclusion and growing sustainably. We’re committed to building a diverse, human-centred culture, and we’re achieving this by fostering wellbeing alongside diversity, equity and inclusion in our workplace and beyond.

Protect the Planet

The Protect the Planet pillar is our commitment to fight climate change and drive a faster global transition to net zero. We are delivering this commitment by halving our own emissions by 2030 and becoming net zero by 2040, empowering SMBs to get to net zero and by advocating for regulatory frameworks to support the transition to a low carbon economy, whilst championing the role of SMBs.
