Trust
and Security

IT Controls (ISAE3402/SOC)

Basware services provide IT General and Application controls which are assessed in frequent ISAE 3402/SOC audits conducted by independent 3rd party.

Publicly available 2021 report summaries:

• P2P ISAE 3000 Summary
• P2P ISAE 3402 Summary
• Network ISAE 3000 Summary
• ​Network ISAE 3402 Summary

Publicly available 2020 report summaries:

• P2P ISAE 3000 Summary
• P2P ISAE 3402 Summary
• Network ISAE 3000 Summary
• ​Network ISAE 3402 Summary

Publicly available 2019 report summaries:

• P2P ISAE 3000 Summary
• P2P ISAE 3402 Summary
• Network ISAE 3000 Summary
• Network ISAE 3402 Summary

Basware Personal Data Processing Appendix  [released 28 October 2021]
Appendix applicable to processing of personal data through Basware services made available via a network, including Basware Security Measures annex.

Security Testing

Security Testing by Basware

• Basware carries out vulnerability scanning using several security tools for testing services externally and internally
• Basware services are also tested by an external security company. General level statement of external security testing is available for customers on request.

Security Testing by the Customers

• Depending on agreed Service Level, Customers are welcome to engage security testing of Basware Services following agreed processes and practices. For further details please contact your Customer Support Manager