Security Assurance From SAS

Your partner in application security.

At SAS, we engineer our software to protect your data and your business. The SAS® Software Security Framework incorporates industry best practices and defines the guiding principles for our secure product development life cycle. From engineering all the way through vulnerability remediation, we are committed to ensuring that our products continually meet the business and security needs of our customers.

GDPR is here – and your readiness is our priority.

GDPR is here – and your readiness is our priority.

SAS has been proactive with our own GDPR compliance, so we can focus on our customers.

We engaged in understanding and helping shape General Data Protection Regulation (GDPR) well before the regulation was adopted. As a result, SAS and its affiliates are implementing a full GDPR compliance program. GDPR requires data controllers and processors to put technical and organizational measures in place that ensure appropriate levels of security and manage risk, so our program includes comprehensive reviews of our business processes, systems and practices that interact with GDPR-regulated personal data across all divisions.  

We can partner with you on your GDPR journey.

Depending on your specific privacy and security needs, data environment and implementation requirements, we can customize our solutions to best meet your GDPR compliance needs. Here are three solutions we recommend.

The SAS® Platform is engineered with the philosophy of privacy-by-design in order to meet key GDPR articles. The security of processing, data protection by default, data governance and management are all key components of the platform that we build to enable our customers, as data controllers, to make informed decisions about protecting the rights of data subjects and take action accordingly in solutions.

SAS® Visual Analytics inherits and builds upon the privacy-preserving features of the platform by providing customers the key data processing, analysis, and reporting tools they need on their GDPR compliance journey.

Our software security framework is designed to protect you.

Security issue identification and resolution.

A foundation of education rests at the heart of the SAS Software Security Framework to ensure that everyone responsible for creating, testing and implementing SAS technology shares a common perspective on security. And education about security is available in many forms – from training classes and mentoring programs, to guidelines for development standards, to collaboration between development teams and IT, and beyond.

Architecture and design.

Secure software begins with product design. SAS developers work with a specialized security architecture team to plan new features built on strong security architecture options. Design reviews and checkpoints help SAS engineers ensure that they are incorporating secure design concepts into SAS products. And the architectural design helps developers maintain critical security properties, as well as proactively address known security weaknesses.

Development standards, testing and validation. 

We adhere to strict development standards and perform a variety of testing and validation processes that include both internally developed and third-party scanning and vulnerability tools.

Product security response and remediation.

Our commitment to security doesn't end when a product is released. Our Product Security Incident Response Team (PSIRT) investigates possible post-release security vulnerabilities, prioritizes any identified incidents based on potential severity, and mobilizes resources to address them. To get the latest security updates and status reports, download SAS Security Bulletins. 

Recommended Resources

Read more about our commitment to data privacy with the SAS® Trust  Center.

Learn about our dedication to responsible innovation.

Read The Quality Imperative: SAS Institute's Commitment to Quality.