Our Approach
Software security is critically important to HCL and our valued clients. The HCL security strategy covers all aspects of our business, including corporate and organizational security policies, incident management and response, business continuity and disaster recovery, secure software development processes, and privacy.

Security
Learn more about the policies and checkpoints that govern our development lifecycle.
HCLSOFTWARE PSIRT ->
HCLSOFTWARE TOMS ->
HCLSOFTWARE SECURITY COLLATERAL ->
HCLSOFTWARE SECURITY CERTIFICATIONS ->
INFORMATION SECURITY POLICY ->
STATEMENT OF APPLICABILITY ->

Privacy and Data Protection
We care about your privacy and we work hard to ensure that any Personal Data we process is secured and treated the right way.
PRIVACY STATEMENT ->
CUSTOMER DATA PRIVACY AT HCLSOFTWARE ->
DATA PROCESSING AND DATA TRANSFERS ->
DATA TRANSFER AMENDMENT TO UPDATE SCCs ->

Secure Product Development
HCLSoftware adheres to stringent development processes to produce the code we develop and provide both our commercial and government customers.
The development models (standard release or continuous delivery) covers the full development cycle including key practices around …
- Requirements Management
- All aspects of Architecture and Design
- Secure Engineering Practices
- Risk Management
- Threat modelling
- Code scanning
- Coding and Coding standards
- Review and test methods at all stages
- Defect Management
All Development practices incorporate change control and are the key criteria assessed at release approval stage
- Risk Management
- Threat modelling
- Code scanning

Secure Product Support
Our Product Support teams protect our customer data and information by collecting only vital information, limiting access to customer contact information and case data to only those who are actively working to troubleshoot the reported problem, and encrypting customer sensitive information making it unreadable to anyone other than the intended party. Our data protection policy includes:
- Collecting only vital company and contact information.
- Communicating customer information and data via HTTPS and Transport Layer Security (TLS) protocols.
- Sending diagnostic data via SFTP or HTTPS using TLS protocols and encrypting stored data using the AES algorithm.
Explore Security Solutions for Your Business

Endpoint Management Platform
HCL BigFix is the only endpoint management platform that enables IT Operations and Security teams to fully automate discovery, management and remediation – whether its on-premise, virtual, or cloud – regardless of operating system, location or connectivity.
Application Security Testing
HCL AppScan delivers best-in-class application security testing tools to ensure your business, and your customers, are not vulnerable to attacks.
Get in Touch
Our valued clients can rest assured that we keep security foremost in our minds as we develop, test and deliver effective software solutions. For more information contact us or explore our product portfolio.