3DEXPERIENCE Trust Center

Work confidently on the cloud with our 3DEXPERIENCE platform SaaS solutions.

Trust is essential to your business

At Dassault Systèmes, we put security, privacy and quality at the heart of our 3DEXPERIENCE platform operations.
Our ISO-certified management systems power our reliable and scalable cloud platform with state-of-the-art practices — critical enablers of your business success.

Security

Multi-faceted and proactive cybersecurity management

Privacy

Secure handling and processing of personally identifiable information (PII)

Quality

Traceable software development lifecycle to control software changes

 

We understand that safeguarding your data and intellectual property is your highest priority. Rest assured that it's ours as well. We have established a security program to defend every level of your cloud implementation using the highest standards available.

ISO/IEC 27001:2022 Information Security Management for Dassault Systèmes IT

Specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system and includes requirements for the assessment and treatment of information security risks. The scope of our certification includes development, maintenance, operations, and support of the Dassault Systèmes working environment and information technology and information systems applications aiming to deliver services to all Dassault Systèmes users.

ISO/IEC 27001:2017 Information Security Management for 3DEXPERIENCE platform SaaS

Specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system and includes requirements for the assessment and treatment of information security risks. The scope of our certification includes design, development, delivery, deployment, cloud operations and support of the 3DEXPERIENCE platform SaaS.

RFC 2350

Provides a description of Dassault Systèmes’ Computer Security Incident Response Teams (CSIRT) in accordance with RFC 2350.

Shared Responsibility Model

Dassault Systèmes Shared Responsibility Model defines the areas of responsibilities between  Customer and 3DS in terms of operational security and compliance related to the Online Services. 

Dassault Systèmes Vulnerability Reporting

Dassault Systèmes takes vulnerability disclosure seriously and values the role of independent security researchers.

Vulnerability Testing

As part of our measures to continuously monitor and mitigate vulnerabilities, we apply comprehensive risk assessment to identify, analyze and evaluate risks and select risk treatment controls based on NIST SP 800-53, ISO/IEC 27001 and ISO/IEC 27701. We employ a multi-layer vulnerability management system based on NIST best practices, combining external and in-house systems for identifying, testing and controlling vulnerabilities.

A major part of our vulnerability management system is our usage of network and vulnerability scanners. If a vulnerability requiring remediation has been identified, it is logged and prioritized according to severity, then tracked until it has been remediated. We use static code analysis (SAST), dynamic analysis (DAST), intensive manual penetration tests and private bug bounty programs in addition to controls based on OWASP best practices to continually add new security measures against potential threats.

Third Party Vulnerability Assessment CertificateCertificate Date
3DEXPERIENCE Platform Security Assessment R2024xGA02-OCT-2023
3DEXPERIENCE Platform Security Assessment R2023xGA19-DEC-2022
3DEXPERIENCE Platform Security Assessment R2022x19-JULY-2021
3DEXPERIENCE Platform Security Assessment R2021x-FD0322-OCT-2020

 

3DEXPERIENCE Platform Application Security

3DEXPERIENCE Platform Cloud Security and Privacy