HCL Software Compliance
Delivering secure environments to customers
HCL Software Compliance
HCL Software are committed to delivering secure environments to all our customers. In support of this commitment we have developed an Information Security Management System (ISMS) to drive consistency in approach across all of our products and services. Our ISMS allows us to set standards for security and measure our levels of compliance both internally and externally. One of our key external measures is the achievement of compliance certifications listed below.
ISO 27001 specifies a management system that is intended to bring information security under management control through specific requirements. Organizations that meet the requirements are certified by an accredited agency. By using a structured approach to defining and meeting the security requirements and a formal approach to risk management, organizations are able to minimize impacts to their information and assets, and give confidence to interested parties that security requirements are in place and being met.
View Certificates:
ISO 26262 is an Automotive industry standard. Its goal is to assure the functional safety features that form an integral part of each automotive products development phase, ranging from the specification, to design, implementation, integration, verification, validation, and production release. The standard ISO 26262 is an adaptation of the Functional Safety standard IEC 61508 for Automotive Electric/Electronic Systems. ISO 26262 defines functional safety for automotive equipment applicable throughout the lifecycle of all automotive electronic and electrical safety-related systems. The HCL Software Compass and Version Vault products have achieved compliance to this standard.
View Certificate:
CHANGE MANAGEMENT AND VERSION CONTROL TOOLS CERTIFICATE
The ISO 20243 standard is aimed at mitigating Maliciously Tainted and Counterfeit Products, combined with consistent and vigilant cybersecurity practices provides a roadmap for enhanced market-valued solutions. The standard is focused on verifiable processes and implementation proof points to address the concerns of customers, integrators, suppliers, auditing, regulatory organizations, as well as best practices for implementation. Organizations that meet the requirements are certified by an accredited agency. By using a structured approach to defining verifiable processes and best practices, organization are able to minimize cybersecurity impacts on their products and give confidence to interested parties that evidence-based verification is in place and being met.
The US Federal Financial Institutions Examination Council (FFIEC) provides guidance to financial institutions and their third-party service providers to maintain effective risk management programs. A 3rd party vendor has evaluated HCL’s Unica marketing solution, Unica Campaign, against the FFIEC requirements and created a report to provide guidance and explanations for how HCL is satisfying the relevant FFIEC requirements to assist Unica Campaign’s financial institution customers to respond and support compliance with the outsourcing technology services booklet.
- • the nature of the service provided by the service organization;
- • how the service organization’s system interacts with user entities, business partners, subservice organizations, and other parties;
- • internal control and its limitations;
- • user entity responsibilities and how they may affect the user entity’s ability to effectively use the service organization’s services;
- • the applicable trust services criteria; and
- • the risks that may threaten the achievement of the service organization’s service commitments and system requirements and how controls address those risks.
The System and Organization Controls (SOC), developed by the American Institute of Certified Public Accountants (AICPA), is a standard for controls that protect information stored across our HCL Software infrastructure and in the cloud. Independent auditors conduct audit against the SOC controls and establish a report that can be shared as a summary of compliance status. SOC 2 reports provide details about the status against our internal controls. SOC 2 Type I is a point in time assessment of the SOC 2 controls. HCL Software Data Centers have been assessed against the SOC 2 Type I standards. SOC 2 reports are restricted reports and are solely for the information of the Company being audited and its Customers. Customers accessing the SOC 2 Type I report linked below are required to accept the “Restricted Use Agreement” before accessing the report.
- • the nature of the service provided by the service organization;
- • how the service organization’s system interacts with user entities, business partners, subservice organizations, and other parties;
- • internal control and its limitations;
- • user entity responsibilities and how they may affect the user entity’s ability to effectively use the service organization’s services;
- • the applicable trust services criteria; and
- • the risks that may threaten the achievement of the service organization’s service commitments and system requirements and how controls address those risks.