Trust & Assurance
Cumulocity recognises that the confidentiality, integrity, and availability of information and data created, maintained, and hosted by us are vital to the success of the business and the privacy of our partners. We understand the importance of providing clear information about our security practices, tools, resources and responsibilities within Cumulocity so that our customers can feel confident in choosing us as a trusted provider.
This portal serves as your Trust Center, providing a central hub for easy access to Cumulocity’s security and compliance information. If you have any questions, please feel free to contact us at trustcenter-admin@cumulocity.com.
Information security
Information Security Management System
The ISO/IEC 27000 standards series is a globally recognized framework for security management, outlining best practices and comprehensive security controls. At the core of our security approach is the Information Security Management System (ISMS), which governs how we manage security across our cloud services.
The Cumulocity GmbH ISMS ensures:
- Protection of cloud information assets against unauthorized access, use, disclosure, modification, disruption, and destruction.
- Proactive risk management, including identifying security threats, preventing, detecting, and responding to security breaches.
- Compliance with legal, regulatory, and contractual obligations.
- Continuous improvement through an ongoing security management process that aligns with evolving security needs.
Our ISMS undergoes independent third-party assessments to validate compliance with the ISO/IEC 27001 standard, demonstrating our commitment to industry-leading security practices.
ISO Certifications
Cumulocity GmbH is certified for compliance with the following internationally recognized standards:
- ISO/IEC 27001:2022 – Information Security Management
- ISO/IEC 27017:2015 – Cloud Security Controls
- ISO/IEC 27018:2019 – Protection of Personally Identifiable Information (PII) in the Cloud
Scope of Certification
The following Cumulocity GmbH cloud services are included in our certification scope:
- Cumulocity SaaS Standard Edition
- Cumulocity SaaS Dedicated Instance

Service Organization Controls
Our Service Organization Control (SOC) reports provide independent third-party assessments of our security, availability, and compliance controls. These reports help our customers understand how Cumulocity GmbH ensures the security and integrity of its cloud services.
SOC3 Report
The SOC3 Security and Availability Report is a publicly available document that provides a high-level overview of our security controls and risk management measures.
View Certificates in our Trust center
If you have any further questions, reach out to compliance@cumulocity.com.
All other Information Security & Compliance documents can be found at the Cumulocity GmbH Trust Center.
For more details about our security and compliance program, read our cloud security datasheet.

Quality management
Our ISO 9001-certified Quality Management System (QMS) serves as the foundation for delivering high-quality services and software, ensuring customer satisfaction, and driving continuous improvement.
As part of our QMS, our Product Development, Professional Services, and Global Support systems define the processes, roles, and policies that guide daily operations while safeguarding critical assets. This framework:
- Ensures compliance with quality, safety, and performance regulations
- Strengthens our ability to support customers effectively
- Establishes clear and transparent processes
- Facilitates continuous innovation within an agile development environment
- Incorporates feedback loops to enhance software quality and provide a competitive advantage for our customers
Our QMS is a core component of our Integrated Management System (IMS).
View Certificates in our Trust center
For more details about Cumulocity’s Quality Management System, read our fact sheet.

Data protection
In today’s connected world, data protection and privacy are more important than ever. At Cumulocity, customers can trust that their personal data is processed in strict compliance with data protection and privacy regulations.
For detailed information on how we manage personal data processing and ensure compliance with applicable regulations, please refer to our FAQ.
For further details, refer to:
Business continuity
Our ISO 22301-certified Business Continuity Management System (BCMS) integrates advanced digitalization, best-practice governance processes, dedicated incident response teams, and redundant infrastructure to ensure the availability of critical systems for our customers.
This robust framework guarantees that essential services remain accessible, enabling our customers to meet their compliance requirements—even in crisis situations. We continuously adapt our BCMS to evolving needs, conduct regular reviews, and implement ongoing improvements to enhance its efficiency.
View Certificates in our Trust center
For more details about Cumulocity GmbH’s Business Continuity Management System, read our fact sheet.
