search icon
Sustainability & Society: Tech for Good: Data security principles

Data Security Principles for

Security principles

We take the security of our customers’ data very seriously. That’s why we follow a set of protective measures based on recognized industry best practices. Our approach to security is under continual review in order to keep up with changing threat and technology environments and so that we can update the measures described here at any time.

Our dedicated global team is responsible for cyber security at Sage. These security specialists stay up to date on changes by achieving and maintaining industry standard certifications. We also keep in contact with external bodies, such as national cyber security authorities and privacy regulators. Our senior executives regularly discuss cyber security and are ultimately accountable for security at Sage.

Reference, credit and criminal record checks are carried out on new employees and for essential roles. Our employment contracts include terms related to information security in order to ensure that every employee adheres to our security protocols. We also provide rigorous security training to all of our employees to ensure they understand and can effectively spot and report risks and security issues.
We keep track of the different types of data that we handle so that we can ensure it is properly protected. By recording data across all software applications, computers, and IT systems, we can effectively track it. And we ensure that protection we use is proportionate to the sensitivity of the data. More sensitive data has additional security controls.
We apply rules to control which Sage employees can access customer data. We only allow our employees to access customer data as needed for them to do their jobs, for example, in order to provide technical support. We log and record all employees who have access to customer data.
Encryption is a way of scrambling data to help keep it secure. We often use encryption to protect our customers’ data, for example, when it is sent over the internet. We issue clear guidelines written by our security specialists for how our employees should use encryption. We make sure that we properly protect passwords and keys that can be used to read encrypted data.
We use a variety of techniques to help stop security issues in our software while it is being written, as well as to find and fix problems before making our software available for customer use. All Sage employees involved in writing Sage software are trained in these techniques.
We use a variety of software and hardware tools to make sure that unauthorized users cannot access our customers’ data over the internet or via computer. We keep our IT systems up-to-date and run specialized security tools in order to detect attacks and to prevent viruses or other malicious software.
We use specialist tools to scan computer hardware and software on a regular basis to look for weaknesses that could potentially lead to security problems. If we find these weaknesses, we prioritize and address them. Despite adopting industry best practices, security problems can still happen. When they do, we have clear internal processes to ensure problems are quickly reported and handled by the appropriate team members. After a problem is fixed, we learn from what happened to try to stop it from happening again.
We store and process our customer data in secure "data centers" (usually in the cloud). These data centers are secure and access is restricted only to those with appropriate permissions. They are also built to be able to withstand fire, floods, lightning strikes, power failures or other similar events. As an additional precaution, we often store customer data in multiple data centers. If one of them is out of order, our products will keep working.
We use third party companies across our business. Some of these companies handle our customers’ data on behalf of Sage. Before we send data to any third party, we review their approach to information security and make sure that we only rely on companies with excellent security standards, as well as ensure that we have the relevant contractual protections in place.

Explore our Pillars

Human by Design

Our Human by Design pillar is our approach to amplifying economic inclusion and growing sustainably. We’re committed to building a diverse, human-centered culture, and we’re achieving this by fostering well-being alongside diversity, equity and inclusion, in our workplace and beyond.

Protect the Planet

The Protect the Planet pillar is our commitment to fight climate change and drive a faster global transition to net zero. We are delivering this commitment by halving our own emissions by 2030 and becoming net zero by 2040, empowering SMs to get to net zero and by advocating for regulatory frameworks to support the transition to a low-carbon economy, whilst championing the role of SMBs.