HCL Software Compliance

HCL Software are committed to delivering secure environments to all our customers. In support of this commitment we have developed an Information Security Management System (ISMS) to drive consistency in approach across all of our products and services. Our ISMS allows us to set standards for security and measure our levels of compliance both internally and externally. One of our key external measures is the achievement of compliance certifications listed below.


ISO 27001 specifies a management system that is intended to bring information security under management control through specific requirements. Organizations that meet the requirements are certified by an accredited agency. By using a structured approach to defining and meeting the security requirements and a formal approach to risk management, organizations are able to minimize impacts to their information and assets, and give confidence to interested parties that security requirements are in place and being met.

ISO 26262 is an Automotive industry standard. Its goal is to assure the functional safety features that form an integral part of each automotive products development phase, ranging from the specification, to design, implementation, integration, verification, validation, and production release. The standard ISO 26262 is an adaptation of the Functional Safety standard IEC 61508 for Automotive Electric/Electronic Systems. ISO 26262 defines functional safety for automotive equipment applicable throughout the lifecycle of all automotive electronic and electrical safety-related systems. The HCL Software Compass and Version Vault products have achieved compliance to this standard.

View Certificate:



The ISO 20243 standard is aimed at mitigating Maliciously Tainted and Counterfeit Products, combined with consistent and vigilant cybersecurity practices provides a roadmap for enhanced market-valued solutions.  The standard is focused on verifiable processes and implementation proof points to address the concerns of customers, integrators, suppliers, auditing, regulatory organizations, as well as best practices for implementation.  Organizations that meet the requirements are certified by an accredited agency.  By using a structured approach to defining verifiable processes and best practices, organization are able to minimize cybersecurity impacts on their products and give confidence to interested parties that evidence-based verification is in place and being met.

Link to the Open Group Certification Page