Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Ask for more information
  • Reclaim access anytime
Had access before? Reclaim access

Overview

Our mission at Outsystems is to give every organization the power to innovate through software. We do this by helping organizations build that software fast, right and for the future. A visual, model-driven development environment with industry-leading AI-based assistance ensures apps are built in days or weeks instead of months or years. Platform services, also with AI, provide automation enhancing the entire application lifecycle so apps can be deployed with a single-click and managed with unparalleled ease.

This page is an overview of OutSystems security compliance programs. You can use it to learn more about our security compliance programs and to request access to our compliance documents.

Compliance

CSA STAR Logo
CSA STAR
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO 22301 Logo
ISO 22301
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
ISO 27017 Logo
ISO 27017
ISO 27018 Logo
ISO 27018
ISO 9001 Logo
ISO 9001
PCI DSS Logo
PCI DSS
SOC 2 Logo
SOC 2
TISAX Logo
TISAX
Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Ask for more information
  • Reclaim access anytime
Had access before? Reclaim access
38 Documents
HIPAA Report
Pentest Report
SOC 2 Report
SOC 3 Report
CSA STAR
HIPAA
ISO 22301
ISO 27001
ISO 27001 SoA
ISO 27017
ISO 27018
ISO 9001
SOC 2
CAIQ
Cyber Insurance
Master Services Agreement
Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
Asset Management Policy
Backup Policy
Business Continuity Policy
BYOD Policy
Data Classification Policy
Encryption Policy
General Incident Response Policy
IMS Policy
Information Security Policy
Other Policies
Password Policy
Physical Security
Risk Management Policy
Software Development Lifecycle
BC/DR

Risk Profile

Data Access LevelInternal
Impact LevelSubstantial
Third Party DependenceYes
See more

Product Security

Role-Based Access Control
Audit Logging
Data Security
See more

Reports

HIPAA Report
Pentest Report
SOC 2 Report
See more

Self-Assessments

CAIQ

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Bug Bounty
Code Analysis
Software Development Lifecycle
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
Amazon Web Services
BC/DR
See more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management
See more

Network Security

Firewall
IDS/IPS
Security Information and Event Management
See more

Corporate Security

Email Protection
Employee Training
Incident Response
See more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
See more

Trust Center Updates

A message about the Spring4Shell: Zero-Day Vulnerability in Spring Framework

Published at 04/05/2022, 4:17 AM

On March 31, 2022, Spring confirmed the zero-day vulnerability and released Spring Framework versions 5.3.18 and 5.2.20 to address it. The vulnerability affects SpringMVC and Spring WebFlux applications running on Java Development Kit (JDK) 9+.

What does this mean for OutSystems customers?

Based on our investigation, the OutSystems platform does not appear to be vulnerable to Spring4Shell based on how our software uses JDK 9+

  • OutSystems 11 does not run on Java and is not affected by this vulnerability.
  • OutSystems 10 customers running on on-premise Java stacks do not appear to be vulnerable based on the configuration of the OutSystems Platform and how it uses the JDK 9+ software.

Regardless, all customers should do a thorough investigation of their on-premise deployments to check for any vulnerable software within their stack.

What is OutSystems doing?

At OutSystems, the security of our platform and of our customers’ data is of the utmost importance and we are doing everything we can to stay ahead of the situation.

Our security team is monitoring the situation closely and following the recommended guidance from Spring. We will deploy any relevant patches as soon as they become available. At this time, we do not anticipate service disruptions as a result of these efforts.

We will provide any relevant updates on new developments for our customers here on the Security Portal.

More about the Spring4Shell: Zero-Day Vulnerability

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

At OutSystems, the security of our platform and the safety of our customers’ data is our top priority. For more security updates from OutSystems, please visit: security.outsystems.com

OutSystems update on Okta

Published at 03/24/2022, 11:04 AM

While OutSystems allows customers to authenticate using Okta, we do not use Okta internally. As a result, at this point in time, we do not have any reason to believe we were affected.

Please reach out to us at security@outsystems.com if you have any further questions or concerns.

Russia-Ukraine Conflict: OutSystems Situation Update

Published at 03/07/2022, 10:52 AM

Russia-Ukraine Conflict: OutSystems Situation Update

Q: How is OutSystems able to support its customers’ services during the conflict?

OutSystems service support is provided 24x7 from several different locations included in the existing OutSystems Business Continuity Management System. Global Support locations are located in Linda-a-Velha (Lisbon area), Proença-a-Nova (Center of Portugal), Braga (North of Portugal), Tokyo (Japan), Kuala Lumpur (Malaysia), and Boston (USA), but the company is still operating mainly in remote working locations inline with the COVID-19 pandemic strategy still running in multiple countries.

Q: Are OutSystems infrastructures affected by the Russia-Ukraine conflict?

OutSystems cloud relies on AWS and we do not provide services in Russia, Belarus or restricted Ukraine regions, therefore we do not foresee potential impacts for our customers.

Q: Does OutSystems have Employees in the conflict region?

OutSystems has only a small number of contractors located in Ukraine. We remain in close contact with and support those individuals. As such we do not anticipate any impact on the business.

Q: What procedures has OutSystems put in place to manage the Russia-Ukraine Conflict?

OutSystems doesn’t expect any disruptions in the support services or infrastructures and we currently do not see any indication of risks to business continuity, either from an operational, financial, or third party dependency (e.g. imposed sanctions) perspective. The OutSystems Business Continuity Plan aims to:

  • Maintain OutSystems activity in view of the possible effects of the Russia-Ukraine Conflict, such as any absenteeism of our employees and the repercussions on OutSystems activities, customers, and on an employee’s family environment.
  • Maintain the confidence and security of all OutSystems interested parties by implementing measures based on best evidence.

OutSystems Position Regarding the Conflict

As the humanitarian crisis in Ukraine continues to unfold, we all have a role to play to help those in need, especially the children affected by these recent events. At OutSystems we believe in the power of community and action, and have launched the Build for Peace program to support the Ukrainian people and refugees globally. The program will invite and unite the OutSystems Community, including customers, partners and employees, to build apps, volunteer skills, and provide job assistance, mentoring and training to refugees and those affected by the conflict in Ukraine.

We are also proud to share that in the days following the initial invasion, members of the OutSystems Community came together to launch the We Help Ukraine platform, built on OutSystems. This global, community-led initiative connects Ukrainian refugees with support for housing, transportation, medical aid, legal services and more. OutSystems has provided platform licenses and many of our employees are volunteering their time and expertise to help.

In addition to Build for Peace, OutSystems is matching employee donations to approved charities that are working in a variety of volunteer capacities to help the people of Ukraine.

As members of the global community, our hearts go out to the people of Ukraine and refugees around the world, and we are focused on the safety and wellbeing of all who are affected by conflict.