Information security

Information Security Management System

The ISO/IEC 27000 standards series is a globally recognized framework for security management, outlining best practices and comprehensive security controls. At the core of our security approach is the Information Security Management System (ISMS), which governs how we manage security across our cloud services.

The Cumulocity GmbH ISMS ensures:

  • Protection of cloud information assets against unauthorized access, use, disclosure, modification, disruption, and destruction.
  • Proactive risk management, including identifying security threats and preventing, detecting, and responding to security breaches.
  • Compliance with legal, regulatory, and contractual obligations.
  • Continuous improvement through an ongoing security management process that aligns with evolving security needs.

Our ISMS undergoes independent third-party assessments to validate compliance with the ISO/IEC 27001 standard, demonstrating our commitment to industry-leading security practices.

ISO Certifications

Cumulocity GmbH is certified for compliance with the following internationally recognized standards:

  • ISO/IEC 27001:2022 – Information Security Management
  • ISO/IEC 27017:2015 – Cloud Security Controls
  • ISO/IEC 27018:2019 – Protection of Personally Identifiable Information (PII) in the Cloud

Scope of Certification

The following Cumulocity GmbH cloud services are included in our certification scope:

  • Cumulocity SaaS Standard Edition
  • Cumulocity SaaS Dedicated Instance

View Certificates

Service Organization Controls

Our Service Organization Control (SOC) reports provide independent third-party assessments of our security, availability, and compliance controls. These reports help our customers understand how Cumulocity GmbH ensures the security and integrity of its cloud services.

SOC3 Report

The SOC3 Security and Availability Report is a publicly available document that provides a high-level overview of our security controls and risk management measures.

View Certificates

If you have any further questions, reach out to compliance@cumulocity.com.

All other Information Security & Compliance documents can be found at the Cumulocity GmbH Trust Center.

For more details about our security and compliance program, read our cloud security datasheet.

Quality management

Our ISO 9001-certified Quality Management System (QMS) serves as the foundation for delivering high-quality services and software, ensuring customer satisfaction, and driving continuous improvement.

As part of our QMS, our Product Development, Professional Services, and Global Support systems define the processes, roles, and policies that guide daily operations while safeguarding critical assets. This framework:

  • Ensures compliance with quality, safety, and performance regulations
  • Strengthens our ability to support customers effectively
  • Establishes clear and transparent processes
  • Facilitates continuous innovation within an agile development environment
  • Incorporates feedback loops to enhance software quality and provide a competitive advantage for our customers

Our QMS is a core component of our Integrated Management System (IMS).

View Certificates

For more details about Cumulocity’s Quality Management System, read our fact sheet.

Data protection

In today’s connected world, data protection and privacy are more important than ever. At Cumulocity, customers can trust that their personal data is processed in strict compliance with data protection and privacy regulations.

For detailed information on how we manage personal data processing and ensure compliance with applicable regulations, please refer to our FAQ.

For further details, refer to:

Cumulocity GmbH Privacy Notice 

Technical and Organizational Measures (TOMs)

Business continuity

Our ISO 22301-certified Business Continuity Management System (BCMS) integrates advanced digitalization, best-practice governance processes, dedicated incident response teams, and redundant infrastructure to ensure the availability of critical systems for our customers.

This robust framework guarantees that essential services remain accessible, enabling our customers to meet their compliance requirements—even in crisis situations. We continuously adapt our BCMS to evolving needs, conduct regular reviews, and implement ongoing improvements to enhance its efficiency.

View Certificates

For more details about Cumulocity GmbH’s Business Continuity Management System, read our fact sheet.
