London – 19th September, 2017 – OutSystems today announced that it has bolstered its security credentials with three of the most recognised security certifications - ISO 27001, ISO 22301, and SOC 2. In addition, OutSystems has become a member of the Cloud Security Alliance as part of its commitment to security best practices in cloud computing.
“Software security is one of the most critical issues that IT leaders face, and it is often one of the most challenging,” said José Casinha, chief information security officer at OutSystems. “These new certifications help OutSystems provide an end-to-end security strategy for organisations building applications with our low-code platform.”
OutSystems has completed the following certifications:
- ISO 27001: This certification, from auditor BSI, approves the OutSystems systematic approach to managing sensitive company information so it remains secure.
- ISO 22301: This certification, also from BSI, approves the management system the company has put in place for business continuity arrangements.
- SOC (Service Organisation Controls) 2 Type II: This attestation, from KirkpatrickPrice, demonstrates that OutSystems has selected and implemented a specific and well-defined set of security controls. The framework validates that the service provider’s data management systems are secure, available and set up to maintain the confidentiality of data.
OutSystems ensures security best practices are enforced throughout the development lifecycle. Apps or systems created in the platform automatically include code protection for the riskiest threats, e.g. OWASP Top Ten: Injection, Cross-Site Scripting, Sensitive Data Exposure, etc.
“CISO and IT leaders know that their infosec depends on each programmer’s adoption of security best practices in coding,” said Casinha. “Given that every chain is only as strong as its weakest link, it is important to have automated security standards that are automatically included and always enforced.”
“We currently have over 896 unique security features in our platform covering everything from device security to cloud operations,” said Paulo Rosado, OutSystems CEO. “These advanced features, the systematic enforcement of code security, and the most recognised security certifications in the world provide IT leaders with peace of mind that their software development is secure.”
OutSystems enforces security requirements, including application security checks, identity management, access control, single sign-on, encryption, auditing, and more.
To complete these certifications, OutSystems underwent a series of formal independent audits of its technologies, security policies and procedures, as well as its internal risk and operations controls. The successful completion of these respected certification processes reinforces the company’s commitment to providing customers with the most secure, user-friendly development environment in the industry.
“The SOC 2 audit is based on the Trust Services Principles and Criteria. OutSystems has selected the security principle for the basis of their audit,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “OutSystems delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on OutSystems controls.”
“Because of its cloud approach to application development, OutSystems is at the helm of offering secure application development as a service,” said Jim Reavis, co-founder and chief executive officer of CSA. “CSA looks forward to having OutSystems share insights with our member organisations to help develop and execute on secure cloud computing best practices.”
By joining CSA, OutSystems will add its subject matter expertise to that of other industry practitioners, associations, governments, and corporate and individual members who offer cloud security-specific research, education, certification, events and products to the entire community impacted by cloud. The mission of the CSA is to promote the use of best practices for security assurance in cloud computing and to educate organisations on how cloud computing can help secure all other forms of computing.