HCL Software Trust Center
We are committed to delivering the security and privacy our customers depend on.
"HCL Software prioritizes Trust, Security and Privacy across our entire product suite. We ensure leading edge security best practices are a core part of all stages of our software development lifecycle before any product is released to market. This includes comprehensive security scanning techniques, robust penetration testing and threat modelling at all levels of the application and infrastructure stack. We use our own products in addition to leveraging a diverse set of third-party researchers and tools, to test comprehensive capability across all levels. Following application introduction, we continue to constantly assess its risk profile and immediately initiate any additional remediation measures, if necessary.
The resources you see below proudly demonstrate HCL Software’s commitment to the Trust, Security and Privacy of our products."
- Joseph Rubino, Vice President & Global Chief Information Security Officer (CISO) at HCL Software
Our Approach
Software security is critically important to HCL and our valued clients. The HCL security strategy covers all aspects of our business, including corporate and organizational security policies, incident management and response, business continuity and disaster recovery, secure software development processes, and privacy.
Security
Learn more about the policies and checkpoints that govern our development lifecycle.
HCL SOFTWARE PSIRT ->
HCL SOFTWARE TOMS ->
HCL SOFTWARE SECURITY COLLATERAL ->
HCL SOFTWARE SECURITY CERTIFICATIONS ->
Information Security Policy ->
Privacy and Data Protection
We care about your privacy and we work hard to ensure that any Personal Data we process is secured and treated the right way.
PRIVACY STATEMENT ->
CUSTOMER DATA PRIVACY AT HCL SOFTWARE ->
DATA PROCESSING AND DATA TRANSFERS ->
Secure Product Development
HCL Software adheres to stringent development processes to produce the code we develop and provide both our commercial and government customers.
The development models (standard release or continuous delivery) covers the full development cycle including key practices around …
- Requirements Management
- All aspects of Architecture and Design
- Secure Engineering Practices
- Risk Management
- Threat modelling
- Code scanning
- Coding and Coding standards
- Review and test methods at all stages
- Defect Management
All Development practices incorporate change control and are the key criteria assessed at release approval stage
- Risk Management
- Threat modelling
- Code scanning
Secure Product Support
Our Product Support teams protect our customer data and information by collecting only vital information, limiting access to customer contact information and case data to only those who are actively working to troubleshoot the reported problem, and encrypting customer sensitive information making it unreadable to anyone other than the intended party. Our data protection policy includes:
- Collecting only vital company and contact information.
- Communicating customer information and data via HTTPS and Transport Layer Security (TLS) protocols.
- Sending diagnostic data via SFTP or HTTPS using TLS protocols and encrypting stored data using the AES algorithm.
Explore Security Solutions for Your Business
Endpoint Management Platform
HCL BigFix is the only endpoint management platform that enables IT Operations and Security teams to fully automate discovery, management and remediation – whether its on-premise, virtual, or cloud – regardless of operating system, location or connectivity.
Application Security Testing
HCL AppScan delivers best-in-class application security testing tools to ensure your business, and your customers, are not vulnerable to attacks.
Get in Touch
Our valued clients can rest assured that we keep security foremost in our minds as we develop, test and deliver effective software solutions. For more information contact us or explore our product portfolio.
- ${title}${badge}