Along with our corporate security measures, Progress DataDirect emphasizes transparency, proactivity, and responsiveness in our security policies and practices. To increase transparency, we have a comprehensive statement-of-quality report available for any product build that you plan to adopt. This report gives direct end users confidence and gives ISVs information that will accelerate their release process. More specifically, these reports include:
Progress DataDirect utilizes industry standards like OWASP SAMM (Software Assurance Maturity Model) to regularly audit and emphasize a secure development lifecycle. These compliance audits make sure that our internal security practices stay robust and trustworthy.
While many aspects of the secure development lifecycle are internal, we are ultimately focused on our principles of providing transparency, trust, and secure products to our customers. Below is a subset of examples of how we achieve this:
Progress DataDirect SOC2 Certification.
SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
Progress DataDirect ISO 20243 Certification.
ISO/IEC 20243-1:2018 (O-TTPS) is a set of guidelines, requirements, and recommendations that address specific threats to the integrity of hardware and software COTS ICT products throughout the product life cycle.
The Progress DataDirect Security Guidelines outline the general principles under which Progress manages the reporting, management, discussion, and disclosure of security vulnerabilities discovered in DataDirect software and related components. Please refer to the DataDirect Security Guidelines (progress.com) page for more details.