2292745 - SF compliance with the following Security Standards - ISO27001, Data Protection Directive (EU) and PCI DSS

Please provide a response on your current compliance with the following standards where applicable:

1. ISO27001 (Information Security Management)
2. Data Protection Directive (EU)
3. PCI DSS (Payment Card Industry Data Security Standard)

 SAP SuccessFactors HXM Suite

• ISO27001 (Information Security Management)
  
  SuccessFactors has established strict policies, standards and procedures regarding all activities associated with employees’, contractors’ and third party vendors’ approach to its information processing environment. SAP Internal IT Services is ISO 27001:2013 certified. SuccessFactors is aligned with ISO 27001 for Information Security, the UK standard BS 10012 for Data Protection, and ISO 20000 for Service Delivery. Where these standards overlap in subject matter, Information Security ISO 27001 takes precedence.

• Data Protection Directive (EU)
  
  SuccessFactors has established strict policies, standards and procedures regarding all activities associated with employees’, contractors’ and third party vendors’ approach to its information processing environment. SAP Internal IT Services is ISO 27001:2013 certified. SuccessFactors is aligned with ISO 27001 for Information Security, the UK standard BS 10012 for Data Protection, and ISO 20000 for Service Delivery. Where these standards overlap in subject matter, Information Security ISO 27001 takes precedence.
  See Data Privacy and Security: Data Processing Agreement for Cloud Services
  

• PCI DSS (Payment Card Industry Data Security Standard)
  
  Non applicable. SuccessFactors does not process financial data.

SAP Trust Center

Data Processing Agreement for Cloud Services

 SAP Trust Center, Data processing Agreement for Cloud Services , KBA , LOD-SF-PLT-SEC , Security Reports , How To