Progress DataDirect Security Profile 

Transparency & Product Security Reports

Along with our corporate security measures, Progress DataDirect emphasizes transparency, proactivity, and responsiveness in our security policies and practices. To increase transparency, we have a comprehensive statement-of-quality report available for any product build that you plan to adopt. This report provides confidence to direct end users and gives ISVs information that will accelerate their release process. More specifically, these reports include:

  • A complete list of external or third-party dependencies (including transitive dependencies) used in the product, along with the license type (e.g., MIT, Apache) and all known vulnerabilities found in the given version of the component utilized. The report also includes comments from our impact analysis of these CWEs.
  • The results of static code scanning of the product code. These include found flaws, mitigated flaws, and any detailed mitigation comments which explain why certain flaws do not affect our products.

Progress DataDirect is SOC2 Compliant

SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

Progress DataDirect is ISO 20243 Certified

ISO/IEC 20243-1:2018 (O-TTPS) is a set of guidelines, requirements, and recommendations that address specific threats to the integrity of hardware and software COTS ICT products throughout the product life cycle.

DataDirect Security Guidelines

The Progress DataDirect Security Guidelines outline the general principles under which Progress manages the reporting, management, discussion, and disclosure of security vulnerabilities discovered in DataDirect software and related components. Please refer to the DataDirect Security Guidelines (progress.com) page for more details.