Our compliance certifications

Anyone who uses the cloud or SaaS (Software as a Service) services cannot avoid thinking carefully about the security of data that is stored or processed in the cloud. Information security certifications are an important indicator of well-regulated information security. In general, it can be said that your data is safe with cloud suppliers with a certification. Certifications are only awarded if organizations work according to strict procedures and thus demonstrably have the working method in order.

We as Exact have multiple certifications and third-party attestations like ISO27001, ISO9001 & ISAE3402


ISO27001 is an ISO standard for information security. This International Standard applies to all types of organizations (for example, commercial enterprises, government agencies, non-profit organizations). The standard specifies requirements for establishing, implementing, executing, monitoring, assessing, maintaining, and improving a documented Information Security Management System (ISMS) in the context of the general business risks to the organization. The standard specifies requirements for the implementation of security measures that are adapted to the needs of individual organizations or parts thereof. The ISMS is designed to ensure the choice of adequate and proportionate security measures that protect the information and provide confidence to stakeholders.

We also have an ISMS within Exact which meets the requirements of ISO27001:2013.

The certificate and associated statement of applicability for our ISMS, can be downloaded via the links below:

Weclapp and Gripp are also certified for ISO27001. The certificates for these products can be requested by filling in this form.


ISO 9001 is a globally recognized standard for quality management that helps organizations of all sizes and sectors to improve their performance, meet customer expectations, and demonstrate their commitment to quality.

Exact Customer Success Delivery has been certified as ISO 9001 compliant after undergoing an audit by an independent third party. This certification demonstrates Exact’s commitment to delivering high-quality customer support and meeting the needs of customers and applicable statutory and regulatory requirements.

The certificate, can be downloaded via the link below:


The ISAE3402 is an international standard. In an ISAE3402 report, the management of the service organization issues a formal statement (a so-called 'management assertion') for its responsibility for the control measures contained in this statement.

The ISAE3402 standard has two types of reports:

  • Type I: For the design and existence of management measures.
  • Type II: In addition to the design and existence, the effective operation of the management measures for a certain period has also been demonstrated.

Exact products and services have several ISAE3402 Type II reports. The reporting and description of testing of controls are available only to existing customers or to auditors of existing customers. These reports (including those for other Exact products) are not free to download but are only sent on request. You can do this through your account manager or through support.

The following ISAE3402 reports are available:

  • ISAE3402 – Exact SaaS products, including a.o. Exact Online & Salary Cloud
  • ISAE3402 – Exact Cloud Services
  • ISAE3402 – Exact Payments Services

The request for the ISAE3402 report can be made via the Support Portal.

EN Select your country