GDPR and CCPA: Sage is compliant with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and all other relevant data privacy regulations in the jurisdictions where we process data.
ISO 27001: the only auditable international standard that defines the requirements for an information security management system (ISMS): the set of policies, procedures, processes, and systems an organization uses to manage information security risks such as cyberattacks. Sage is certified to ISO 27001 for the secure development and operation of its cloud-based accounting, financial management, HR and people, and business management software as a service (SaaS) within the Sage Business Cloud.
SOC 2: an internal controls report, issued by an independent auditor, that describes how a company safeguards customer data and how effectively those controls operate over the audit period. At Sage, we are continuously expanding the scope of these reports to cover more products and services.
The Payment Card Industry Data Security Standard (PCI DSS): a set of security requirements for any organization that stores, processes, or transmits payment card data (credit and debit card transactions). Sage is compliant with PCI DSS at Level 1, the most rigorous compliance level, protecting cardholders against the theft and misuse of their card data.
The Health Insurance Portability and Accountability Act (HIPAA): the US law that sets the standard for protecting confidential patient data (protected health information). Sage Intacct meets the requirements of HIPAA.
Control assurance: we maintain a comprehensive security control assurance program to ensure our products meet our product security standard. Products are regularly reviewed against that standard so that we understand how effective our security controls actually are.