HCL Software Compliance

HCL Software are committed to delivering secure environments to all our customers. In support of this commitment we have developed an Information Security Management System (ISMS) to drive consistency in approach across all of our products and services. Our ISMS allows us to set standards for security and measure our levels of compliance both internally and externally. One of our key external measures is the achievement of compliance certifications listed below.


ISO 27001 specifies a management system that is intended to bring information security under management control through specific requirements. Organizations that meet the requirements are certified by an accredited agency. By using a structured approach to defining and meeting the security requirements and a formal approach to risk management, organizations are able to minimize impacts to their information and assets, and give confidence to interested parties that security requirements are in place and being met.

ISO 26262 is an Automotive industry standard. Its goal is to assure the functional safety features that form an integral part of each automotive products development phase, ranging from the specification, to design, implementation, integration, verification, validation, and production release. The standard ISO 26262 is an adaptation of the Functional Safety standard IEC 61508 for Automotive Electric/Electronic Systems. ISO 26262 defines functional safety for automotive equipment applicable throughout the lifecycle of all automotive electronic and electrical safety-related systems. The HCL Software Compass and Version Vault products have achieved compliance to this standard.

View Certificate:



The ISO 20243 standard is aimed at mitigating Maliciously Tainted and Counterfeit Products, combined with consistent and vigilant cybersecurity practices provides a roadmap for enhanced market-valued solutions.  The standard is focused on verifiable processes and implementation proof points to address the concerns of customers, integrators, suppliers, auditing, regulatory organizations, as well as best practices for implementation.  Organizations that meet the requirements are certified by an accredited agency.  By using a structured approach to defining verifiable processes and best practices, organization are able to minimize cybersecurity impacts on their products and give confidence to interested parties that evidence-based verification is in place and being met.

Link to the Open Group Certification Page

The US Federal Financial Institutions Examination Council (FFIEC) provides guidance to financial institutions and their third-party service providers to maintain effective risk management programs. A 3rd party vendor has evaluated HCL’s Unica marketing solution, Unica Campaign, against the FFIEC requirements and created a report to provide guidance and explanations for how HCL is satisfying the relevant FFIEC requirements to assist Unica Campaign’s financial institution customers to respond and support compliance with the outsourcing technology services booklet.

This report is intended solely for the information and use of the Company, user entities of the Company’s HCL Software data centers and infrastructure system as of the specified date, business partners of the Company subject to risks arising from interactions with the HCL Software data centers and infrastructure system, practitioners providing services to such user entities and business partners, prospective user entities and business partners, and regulators who have sufficient knowledge and understanding of the following:

  • • the nature of the service provided by the service organization;
  • • how the service organization’s system interacts with user entities, business partners, subservice organizations, and other parties;
  • • internal control and its limitations;
  • • user entity responsibilities and how they may affect the user entity’s ability to effectively use the service organization’s services;
  • • the applicable trust services criteria; and
  • • the risks that may threaten the achievement of the service organization’s service commitments and system requirements and how controls address those risks.

This report is not intended to be, and should not be, used by anyone other than these specified parties.

The System and Organization Controls (SOC), developed by the American Institute of Certified Public Accountants (AICPA), is a standard for controls that protect information stored across our HCL Software infrastructure and in the cloud. Independent auditors conduct audit against the SOC controls and establish a report that can be shared as a summary of compliance status. SOC 2 reports provide details about the status against our internal controls. SOC 2 Type I is a point in time assessment of the SOC 2 controls.
HCL Software Data Centers have been assessed against the SOC 2 Type I standards.
If you would like to receive a copy of the Report … Please follow the instruction on this link