search icon

Looking for scheduled maintenance or outage information for online products? Check the Sage Status site.

Security at Sage

Our vision is to provide our customers with great security and data breach protection designed into our products from day one.

Our values

Our customers trust Sage to responsibly protect their businesses. We keep your data safe and secure by utilizing best cyber security practices so that you are able to focus on running your business.


We ensure the integrity of your data.


We make cybersecurity easy to understand.


Knowing you are protected by excellent security measures means you can run your business with confidence.

Security measures that give you peace of mind


Secure code, encryption, firewalls, penetration testing, state-of-the-art threat detection, and seamless data back-ups—at Sage, we are committed to maintaining the confidentiality, integrity, and availability of your data, as well as business systems.

Cloud security that enables you to succeed in the digital world


The cloud enables you to run a successful business in the digital world and safeguard against cyber criminals, with all your data backed up and accessible from any device, at any time.

Sage Business Cloud ensures that our global security team and state-of-the-art security capabilities are protecting your data 24/7, so you can focus on running your business.

Secure software development


Sage security process begins before a line of code is ever written and is integrated through the complete lifecycle of product development. We use the highest industry standards for secure coding and all our products receive robust security testing.

We collaborate with security researchers worldwide and strongly believe in Responsible Vulnerability Disclosure. Read our Responsible Disclosure Policy and our Bug Bounty Program for more information.

We use 2FA to help keep our systems and the data we have safe.

@ Factor Authentication (2FA) requires two methods to verify your identity. It relies on the basis of something only you are likely to know, for example, a password and something you have, such as a token or an app, which is used to keep your data even more secure.

Customers control their own authentication requirements

Products can either compel 2FA for all users or let customers control their own authentication requirements for their users.

Authentication is customizable

Products can request additional authentication prior to any sensitive or high-risk activity and not just at the time of login. 

Friction is recognized

We recognize that our products need to provide options for our customers to balance security with a high-quality user experience.

Frequently asked questions about security

Yes, we have ISO27001 and SOC2 certifications across Sage Business Cloud products. 

State-of-the-art monitoring systems are used across Sage networks and cloud services to detect common types of attacks. Each production environment is constantly monitored for any potential malicious activity by the Sage 24/7 Cyber Defence Operations Team.

All Sage codes are subject to code reviews performed by people who did not write them. Sage also follows the guidelines set in the Open Web Application Security Project (OWASP) Top Ten. This is an internationally recognized research body in the top ten most important security risks affecting software and web applications. Sage product engineers are trained in security to ensure they have all the skills they need to meet our stringent standards.

Absolutely – alongside a range of offensive security techniques. All products are subject to a penetration testing cycle and any vulnerabilities are handled in line with industry best practices. Find more information about penetration testing and offensive security at Sage.

Yes. Our services use the latest versions of a technology called Transport Layer Security, also known as TLS. You can click on the padlock symbol on any web browser to confirm this. This protects your data when transmitted over the internet and is called "encryption-in-transit."

Your data is always encrypted while stored in Sage databases in the cloud. This means that, if someone were to take disk drives from a data center, they would still be unable to read the data. This is called "encryption-at-rest."

2-factor authentication adds extra security to your Sage account. With 2-factor authentication, you'll need to enter a one-time code after your enter your email address and password to log in.

You can set up 2-factor authentication in Account Management. Select 2-factor authentication to start setup. You'll need a mobile device or phone to complete 2-factor authentication.
For more information about 2-factor authentication, go to our support article.

Report a security concern

If you would like to report a security concern or have any security questions regarding Sage cloud products or services, please contact us.

Give Feedback