QAD Trust Center
QAD’s Trust Center provides a repository for referencing QAD’s privacy policies, security policies, compliance certifications and ESG program.
Compliance Certifications
ISO 20000
ISO 20000 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfill agreed service requirements.
FDA 21 CFR Part 11
FDA 21 CFR Part 11 is part of the Code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures (ERES). Part 11 applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in FDA regulations.
ISO 27001
ISO/IEC 27001 is the globally recognized standard for information security management systems (ISMS) and their requirements. By adhering to this standard, QAD ensures that its clients’ data is protected against potential threats, and that we maintain the highest levels of cloud security.
Veracode Verified
The Veracode Verified Program focuses on securing development processes and improving application security posture through the application of AppSec principles. The linked QAD Applications have achieved “Verified” status.
CSA STAR
CSA STAR (Cloud Security Alliance - Security, Trust, Assurance, and Risk) is the industry’s most powerful program for assurance in the cloud, encompassing key principles of transparency, rigorous auditing and harmonization of standards. CSA STAR is a technology-neutral certification that leverages the requirements of ISO 27001, “Information security management,” together with the Cloud Controls Matrix (CCM). QAD is listed on the CSA STAR Registry as Level One and Level Two Star Certified.
TISAX
TISAX (Trusted Information Security Assessment Exchange) is an assessment and exchange mechanism for information security in the automotive industry. It is used to assess all organizations involved in the production of vehicles and allows the subsequent sharing of results on a designated, non-public platform.
SSAE18 SOC 1 Type 2
A SOC 1 (System and Organization Controls) audit is an attestation that QAD's internal controls relevant to its cloud customers' financial statements are in place; it covers controls around processing and securing customer information, spanning both business and IT processes. Type 2 is an attestation of those controls over a 12-month period.
Data Privacy Framework Program
The EU-U.S. Data Privacy Framework Program principles (DPF), including the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Principles were designed by the U.S. Department of Commerce, the European Commission and the Swiss and UK administrations to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union, the UK or Switzerland to the United States. The framework provides for an externally enforceable commitment to comply with the principles outlined in the European General Data Protection Regulation (GDPR). QAD has submitted to the authority of the competent data protection authorities. QAD’s listing is found here.
SSAE18 SOC 2 Type 2
A SOC 2 examination is a report on controls at QAD relevant to security, availability and confidentiality. The SOC 2 report is intended to meet the needs of a broad range of users who need detailed information and assurance about QAD's controls relevant to the security, availability and confidentiality of the information processed by the QAD Cloud Services systems.