Your browser is not supported

For the best experience, use Google Chrome or Mozilla Firefox.

Product Security

Compliance Offerings

Working diligently to stay on top of rapidly changing security challenges. Our products are built on a foundation of industry standards, compliance, attestations, and regulatory requirements.

ISO 27001

ISO 27001 (often referred to as ISO/IEC 27001:2013) is the leading international standard focused on information security developed to help organizations protect their information in a systematic and cost-effective way, through the adoption of an Information Security Management System. It also prescribes best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing, and corrective and preventive measures.

The following Micro Focus products are ISO 27001:2013 certified:

Our complete list of products in each product group is available here.

  • ISO 27034

    ISO 27034

    ISO/IEC 27034 offers guidance on information security to business and IT managers, developers, and the end-users of Information and Communications Technology (ICT) using application systems. The aim is to ensure computer applications deliver the desired level of security in support of the organization’s Information Security Management System, adequately addressing many ICT security risks.

    The following Micro Focus products are ISO 27034 certified:

    Our complete list of products in each product group is available here.

  • ISO 9001

    ISO 9001

    ISO 9001 sets out the criteria for a quality management. It can be used by any organization, large or small, regardless of its field of activity. This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. Using ISO 9001 helps ensure that customers get consistent, good-quality products and services, which in turn brings many business benefits.

  • SOC 2

    SOC 2

    SOC 2 report focuses on non-financial controls, such as security, availability, processing integrity, confidentiality, and privacy. This report focuses on the Trust Service Principles (TSPs) and serves to educate the user entity about processes that affect its security, availability, processing integrity, confidentiality, or privacy of the data.

    • The following Micro Focus products are SOC 2 certified:
      • Application Delivery Management (ADM) – ALM QC, PPM, ALM Octane, LRE, LRC, UFTMobile are SOC 2 certified
      • IT Operations Management (ITOM) – SMAX and CMS are SOC 2 certified
      • Digital Safe
      • eDiscovery
    • A signed NDA is needed in order to receive the SOC 2 report. Please reach out to your account representative for more information.
  • FedRAMP


    The Federal Risk and Authorization Management Program (FedRAMP) empowers agencies to use modern cloud technologies, with an emphasis on security and protection of federal information. FedRAMP demonstrates that we have proven that our systems are designed to keep federal data secure, as required by U.S. federal agencies.

    The following Micro Focus products are FedRAMP certified:

  • Cybersecurity Maturity Model Certification (CMMC)

    Cybersecurity Maturity Model Certification (CMMC)

    The CMMC is a type of information security maturity model specific to Department of Defense third-party contractors. CMMC compliance requires companies, entering into contracts with the Department of Defense, to have adequate safeguards in place to protect their data.

    Micro Focus has done a self-evaluation and certifies at Level 1


For any questions related to certifications

Our complete list of products in all product groups is available here

release-rel-2022-8-1-7822 | Wed Aug 3 16:06:55 PDT 2022
Wed Aug 3 16:06:55 PDT 2022