Trust is essential to your business
At Dassault Systèmes, we put security, privacy and quality at the heart of our 3DEXPERIENCE platform operations.
Our ISO-certified management systems power our reliable and scalable cloud platform with state-of-the-art practices — critical enablers of your business success.
Security
Multi-faceted and proactive cybersecurity management
Privacy
Secure handling and processing of personally identifiable information (PII)
Quality
Traceable software development lifecycle to control software changes
- Security
- Privacy
- Quality
We understand that safeguarding your data and intellectual property is your highest priority. Rest assured that it's ours as well. We have established a security program to defend every level of your cloud implementation using the highest standards available.
ISO/IEC 27001:2022 Information Security Management for Dassault Systèmes IT
Specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system and includes requirements for the assessment and treatment of information security risks. The scope of our certification includes development, maintenance, operations, and support of the Dassault Systèmes working environment and information technology and information systems applications aiming to deliver services to all Dassault Systèmes users.
ISO/IEC 27001:2017 Information Security Management for 3DEXPERIENCE platform SaaS
Specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system and includes requirements for the assessment and treatment of information security risks. The scope of our certification includes design, development, delivery, deployment, cloud operations and support of the 3DEXPERIENCE platform SaaS.
RFC 2350
Provides a description of Dassault Systèmes’ Computer Security Incident Response Teams (CSIRT) in accordance with RFC 2350.
Shared Responsibility Model
Dassault Systèmes Shared Responsibility Model defines the areas of responsibilities between Customer and 3DS in terms of operational security and compliance related to the Online Services.
Dassault Systèmes Vulnerability Reporting
Dassault Systèmes takes vulnerability disclosure seriously and values the role of independent security researchers.
Vulnerability Testing
As part of our measures to continuously monitor and mitigate vulnerabilities, we apply comprehensive risk assessment to identify, analyze and evaluate risks and select risk treatment controls based on NIST SP 800-53, ISO/IEC 27001 and ISO/IEC 27701. We employ a multi-layer vulnerability management system based on NIST best practices, combining external and in-house systems for identifying, testing and controlling vulnerabilities.
A major part of our vulnerability management system is our usage of network and vulnerability scanners. If a vulnerability requiring remediation has been identified, it is logged and prioritized according to severity, then tracked until it has been remediated. We use static code analysis (SAST), dynamic analysis (DAST), intensive manual penetration tests and private bug bounty programs in addition to controls based on OWASP best practices to continually add new security measures against potential threats.
Third Party Vulnerability Assessment Certificate | Certificate Date |
3DEXPERIENCE Platform Security Assessment R2025xGA | 20-SEP-2024 |
3DEXPERIENCE Platform Security Assessment R2024xGA | 02-OCT-2023 |
3DEXPERIENCE Platform Security Assessment R2023xGA | 19-DEC-2022 |
3DEXPERIENCE Platform Security Assessment R2022x | 19-JULY-2021 |
3DEXPERIENCE Platform Security Assessment R2021x-FD03 | 22-OCT-2020 |
3DEXPERIENCE Platform Application Security
3DEXPERIENCE Platform Cloud Security and Privacy
Our cloud solutions are built with respect for the privacy of our customers and users. We follow high standards to ensure that all personally identifiable information (PII) is processed securely, in accordance with relevant laws and standards such as the European General Data Protection Regulation 2016/679 (GDPR).
ISO/IEC 27701:2019 Privacy Information Management
Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. The scope of our certification includes data privacy management in the context of 3DEXPERIENCE platform SaaS when Dassault Systèmes acts in the role of controller and processor.
How we enable data protection compliance
We act in the role of controller and in the role of processor as defined by the European General Data Protection Regulation. For more information visit our data protection page and read our 3DEXPERIENCE Cloud Security & Privacy Whitepaper.
3DEXPERIENCE Platform Cloud Security and Privacy
We are deeply committed to creating quality solutions that allow our customers to meet the critical business requirements of the industries in which they operate. This commitment to quality is evidenced by our well-established Quality Management System (QMS) that focuses on operational excellence and performance. Our QMS is based on common business processes and infrastructure, supported by the 3DEXPERIENCE platform, and is centrally administered through a global operational model.
ISO 9001:2015 Quality Management System
Specifies the requirements for establishing, implementing, maintaining and continually improving a quality management system when an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements and aims to enhance customer satisfaction through the effective application of the quality system. The scope of our certification includes design, development, delivery, deployment, cloud operations and support of the 3DEXPERIENCE platform and apps.
Dassault Systèmes’ Position: Guideline for Electronic Records; Electronic Signatures
This regulatory position paper delves into the specific criteria of 21 CFR Part 11 of the Food and Drug Administration (FDA) regulations in the United States and EU Annex 11 within the European Union. It provides insights into Dassault Systèmes position and how our software solutions address each requirement to assist customers in achieving compliance.
Dassault Systèmes’ Risk-Based Approach to Software Quality Assurance
As a software cloud-based services supplier for Life Sciences companies, 3DS supports its customers compliance with their GxP regulatory requirements for its 3DEXPERIENCE platform. This white paper outlines the 3DS risk-based approach to software quality assurance followed for the evaluation of the 3DEXPERIENCE portfolio products and related changes based on GAMP5: A Risk-Based Approach to Compliant GxP Computerized Systems.