Trust and Security

Rest easy when it comes to trust and security. We have you covered.

Your security matters to us

We are committed to helping organizations protect their critical information assets and comply with legal and regulatory requirements by continuously providing independent assurance of our security practices through third-party certifications and audits. See below for access to all publicly available report summaries and compliance certifications.

IT Controls (ISAE3402/SOC)

Basware services provide IT General and Application controls which are assessed in frequent ISAE 3402/SOC audits conducted by independent 3rd party.

Basware Personal Data Processing Appendix

Basware Personal Data Processing Appendix [released 28 October 2021] - Appendix applicable to processing of personal data through Basware services made available via a network, including Basware Security Measures annex.

Security Testing

Security Testing by Basware

  • Baswarecarries out vulnerability scanning using several security tools for testing services externally and internally
  • Baswareservices are also tested by an external security company. General level statement of external security testing is available for customers on request.

Security Testing by the Customers

  • Depending on agreed Service Level, Customers are welcome to engage security testing of Basware Services following agreed processes and practices. For further details please contact your Customer Support Manager

ISO 27001:2013 Certification

Our ISO 27001:2013 certification demonstrates our commitment to security, which is verified through independent certifications audits. 

More about Basware’s ISO 27001:2013 Certification >

Download ISO 27001:2013 Certification >

Security and Privacy Contacts

Security Incidents

You can create a case in the Customer Support Portal. Alternatively you can contact the Basware Security team directly at:


For specific requests, questions and concerns email Alternatively, visit our GDPR commitment.

Responsible Disclosure for Security Vulnerabilities

Ethical or Code of Conduct Issues or Concerns