TMCnet News

OutSystems Raises the Bar for Low-Code Platform Security with Multiple ISO and SOC Certifications
[September 19, 2017]

OutSystems Raises the Bar for Low-Code Platform Security with Multiple ISO and SOC Certifications


OutSystems today announced that it has bolstered its security credentials with three of the most recognized certifications - ISO 27001, ISO 22301, and SOC 2. In addition, OutSystems has become a member of the Cloud Security Alliance as part of its commitment to security best practices in cloud computing.

"Software security is one of the most critical issues that IT leaders face, and it is often one of the most challenging," said José Casinha, chief information security officer at OutSystems. "These new certifications help OutSystems provide an end-to-end security strategy for organizations building applications with our low-code platform."

OutSystems has completed the following certifications:

  • ISO 27001: This certification, from auditor BSI, approves the OutSystems systematic approach to managing sensitive company information so it remains secure.
  • ISO 22301: This certification, also from BSI, approves the management system the company has put in place for business continuity arrangements.
  • SOC (Service Organization Controls) 2 Type II: This attestation, from KirkpatrickPrice, demonstrates that OutSystems has selected and implemented a specific and well-defined set of security controls. The framework validates that the service provider's data management systems are secure, available and protect the integrity and confidentiality of data.

OutSystems ensures security best practices are enforced throughout the development lifecycle. Apps or systems created in the platform automatically include code protection for the riskiest threats, e.g. OWASP Top Ten: Injection, Cross-Site Scripting, Sensitive Data Exposure, etc.

"CISOand IT leaders know that their infosec depends on each programmer's adoption of security best practices in coding," said Casinha. "Given that every chain is only as strong as its weakest link, it is important to have automated security standards that are automatically included and always enforced."



"We currently have over 196 unique security features in our platform covering everything from device security to cloud operations," said Paulo Rosado, OutSystems CEO. "These advanced features, the systematic enforcement of code security, and the most recognized security certifications in the world provide IT leaders with peace of mind that their software development is secure."

OutSystems enforces most of the key security requirements with automation, including application security checks, identity management, access control, single sign-on, encryption, auditing, and more.


To complete these certifications, OutSystems underwent a series of formal independent audits of its technologies, security policies and procedures, as well as its internal risk and operations controls. The successful completion of these respected certification processes reinforces the company's commitment to providing customers with the most secure, user-friendly development environment in the industry.

"The SOC 2 audit is based on the Trust Services Principles and Criteria. OutSystems has selected the security, confidentiality, availability, and processing integrity trust services principles for the basis of their audit," said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. "OutSystems delivers trust based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on OutSystems controls."

"Because of its cloud approach to application development, OutSystems is at the helm of offering secure application development as a service," said Jim Reavis, co-founder and chief executive officer of Cloud Security Alliance (CSA). "CSA looks forward to having OutSystems share insights with our member organizations to help develop and execute on secure cloud computing best practices."

By joining CSA, OutSystems will add its subject matter expertise to that of other industry practitioners, associations, governments, and corporate and individual members who offer cloud security-specific research, education, certification, events and products to the entire community impacted by cloud. The mission of the CSA is to promote the use of best practices for security assurance in cloud computing and to educate organizations on how cloud computing can help secure all other forms of computing.

About OutSystems

Thousands of customers worldwide trust OutSystems, the number one low-code platform for rapid application development. Engineers with an obsessive attention to detail crafted every aspect of the OutSystems platform to help organizations build enterprise-grade apps and transform their business faster. With OutSystems, you visually develop your entire application, easily integrate with existing systems, and add your own custom code when you need it. Visit us at www.outsystems.com, or follow us on Twitter (News - Alert) @OutSystems or LinkedIn (News - Alert) at www.linkedin.com/company/outsystems.


[ Back To TMCnet.com's Homepage ]