Your browser is not supported

For the best experience, use Google Chrome or Mozilla Firefox.

Product Security

Compliance Offerings

Working diligently to stay on top of rapidly changing security challenges. Our products are built on a foundation of industry standards, compliance, attestations, and regulatory requirements.

ISO 27001

ISO 27001 (often referred to as ISO/IEC 27001:2013) is the leading international standard focused on information security developed to help organizations protect their information in a systematic and cost-effective way, through the adoption of an Information Security Management System. It also prescribes best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing, and corrective and preventive measures.

The following Micro Focus products are covered within certified ISO 27001:2013 Information Security Management Systems (ISMS): 

Our complete list of products in each product group is available here.

  • ISO 27034

    ISO 27034

    ISO/IEC 27034 offers guidance on information security to business and IT managers, developers, and the end-users of Information and Communications Technology (ICT) using application systems. The aim is to ensure computer applications deliver the desired level of security in support of the organization’s Information Security Management System, adequately addressing many ICT security risks.

    The following Micro Focus products are ISO 27034 certified:

    Our complete list of products in each product group is available here.

  • ISO 9001

    ISO 9001

    ISO 9001 sets out the criteria for a quality management. It can be used by any organization, large or small, regardless of its field of activity. This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. Using ISO 9001 helps ensure that customers get consistent, good-quality products and services, which in turn brings many business benefits.

  • SOC 2

    SOC 2

    SOC 2 report focuses on non-financial controls, such as security, availability, processing integrity, confidentiality, and privacy. This report focuses on the Trust Service Principles (TSPs) and serves to educate the user entity about processes that affect its security, availability, processing integrity, confidentiality, or privacy of the data.

    • The following Micro Focus products are SOC 2 certified:
      • Application Delivery Management (ADM) – ALM QC, PPM, ALM Octane, LRE, LRC, UFTMobile are SOC 2 certified
      • IT Operations Management (ITOM) – SMAX and CMS are SOC 2 certified
      • eDiscovery
    • A signed NDA is needed in order to receive the SOC 2 report. Please reach out to your account representative for more information.


    Trusted Information Security Assessment Exchange (TISAX) is an assessment and exchange mechanism for information security in the automotive industry. The TISAX certification confirms that a company’s information security management system complies with defined security levels and allows sharing of assessment results across a designated platform.

    The following Micro Focus teams are TISAX certified:

    • Micro Focus Customer Care (Support) team

    To lookup on ENX site, search by our company name - Micro Focus

    To learn more about TISAX certification, read here.

  • Cybersecurity Maturity Model Certification (CMMC)

    Cybersecurity Maturity Model Certification (CMMC)

    The CMMC is a type of information security maturity model specific to Department of Defense third-party contractors. CMMC compliance requires companies, entering into contracts with the Department of Defense, to have adequate safeguards in place to protect their data.

    Micro Focus has done a self-evaluation and certifies at Level 1

  • TAA


    The Trade Agreements Act of 1979 (19 U.S.C. §§ 2501 – 2581) (“TAA”) implements several trade agreements that guarantee signatory countries non-discriminatory treatment in government procurements conducted in other signatory countries. The TAA allows U.S. government contractors to furnish the U.S. Government products and services from countries with which the U.S. has signed multilateral or bilateral free trade agreements or that have otherwise been determined to be TAA “Designated Countries."

    To meet the TAA’s country of origin (“COO”) requirements for products, U.S. government contractors (and their subcontractors/suppliers) must supply items that are either:

    (i) produced or manufactured in the U.S. or a Designated Country; or

    (ii) “substantially transformed” into new and different articles of commerce in the U.S. or a Designated Country.

    Continue reading here.

    TAA compliance statement by product group:


For any questions related to certifications

Our complete list of products in all product groups is available here

release-rel-2024-5-1-9444 | Tue Apr 30 16:03:23 PDT 2024
Tue Apr 30 16:03:23 PDT 2024