Security Statement

We are committed to comply to all relevant legislation, such as the General Data Protection Regulation (GDPR). A key mechanism in managing information security is our Risk and Compliance Committee (RCC), that monitors security processes and discusses security incidents, after being detected and analysed by our information security officers. The compliance committee is chaired by our Chief Financial Officer.

At Exact we don’t pretend to be able to prevent all security incidents. Incidents can and will occur occasionally. When they do, we are dedicated to being transparent about them. We believe this is the best way to maintain the trust of our customers. We obviously work hard to make sure incidents are as rare as they can be. To this end, our processes are audited regularly. You can request the assurance reports via our support channels. Please see our ISO 27001 / ISAE3402 page for more information.

We take substantial efforts to protect the confidentiality of personal data, preferences and other information. To protect this information, we make substantial investments in our server, database, backup and firewall technologies. For more information, please see the Privacy Statement.

To help prevent abuse through phishing or malware, we offer a mandatory extra security layer: Two-Factor Authentication. By using this technique, we provide maximum support for online safety – which is crucial to us. This means that, in addition to your username and password, you will need to add an extra piece of information that is only available to you as a user. This makes any misuse of your data much more difficult.

For many Exact products and services, like Exact Online and Exact Cloud Services, our development and operational management processes are tested annually by highly qualified independent experts. This results in an independent assurance report (ISAE 3402 type 2) that ensures our customers that our software is reliable and secure. Please see our Our compliance certifications page for more information.

Also, the safety of Exact products and services, is determined at least annually via a “pentest” – an investigation to identify if software contains security related vulnerabilities. We have processes in place to take necessary actions if findings are reported.

Our public cloud-based products and services are hosted on Amazon Web Services and/or Microsoft Azure. Both cloud providers are market leaders and known to offer top notch security. Working with our solutions is always through a secure connection. It is encrypted according to industrial standards.

For our Exact products and services, we follow strict security guidelines and implementation, but we also demand (and ask for proof of) compliance to these security standards from all suppliers we use in services to our clients.

Exact welcomes questions or comments about this Security Statement. If you have any questions or comments about this Security Statement or need to receive our compliance report for audit purposes, please send an email to security [at] exact [dot] com with all relevant details. Responsible disclosures can be reported here.