Where applicable, you can see country-specific product information, offers, and pricing.

Change country/language X

Education

North America

South America

Close

Operations

Autodesk cloud services covered by the Trust Center

Autodesk commits to delivering trustworthy cloud services. We impose rigorous internal standards for the A360 Managed Services listed below to safeguard the availability, confidentiality, privacy, and security of our customers’ data in the cloud. Please note that there are some Autodesk services, including some that are branded as “360,” that are outside the scope of the Trust Center. Autodesk Security Operations, a specialized team of Autodesk information security experts, manages certain Autodesk cloud services that they have determined uniformly apply the practices and protections described in this Trust Center, as follows:

Managed Services

Throughout the Trust Center, these services are referred to as the “A360 Managed Services.” The information in this Trust Center does not apply to Autodesk services not listed above. In addition, the Trust Center does not apply to services labeled “Beta” or “Technology Preview” or to any service provided by third parties, including third-party services that A360 Managed Services may enable access to or use of but that are not provided by Autodesk. Over time, other services provided by Autodesk may be added to this list as we continue to coordinate our infrastructure and operations. We encourage you to check back for updates. (View terms of service for Autodesk services not listed above.)

 

Autodesk Security Operations

Autodesk Security Operations is responsible for the daily operation of the A360 Managed Services. Members of the team belong to these professional organizations and have the following certifications:

  • ISC2 (International Information Systems Security Certification Consortium)
  • CISSP (Certified Information Systems Security Professional)
  • CISA (Certified Information Systems Auditor)
  • CISM (Certified Information Security Manager)

For the A360 Managed Services, the Autodesk Security Operations team may:

  • Review security plans for the cloud services’ networks, systems, and services using a rigorous, multiphase process
  • Conduct security design and implementation-level reviews of the cloud services
  • Assess security risks as part of the team’s continuous improvement process
  • Monitor cloud services for suspicious activity and follow formal incident response processes to quickly address risks
  • Drive compliance with established policies through routine security evaluations and internal audits
  • Engage outside security experts to conduct regular security assessments of the cloud services’ infrastructure and applications
  • Conduct vulnerability management as a component of the A360 Security, Trust, and Assurance Program
  •  

     

     

     

Independent service practitioners

Autodesk Security Operations requires that U.S. accounting firms conducting audits on the A360 Managed Services be accredited by the American Institute of Certified Public Accountants (AICPA).

Third parties

For information about Autodesk policies on sharing your personal information with third parties, refer to the Privacy page

Autodesk cloud history

Autodesk has been delivering Software as a Service (SaaS) applications, such as Autodesk® Buzzsaw®, since 1999. Buzzsaw is cloud-based document, design, and data management software for securely exchanging architecture, engineering, and construction (AEC) project information across stakeholders, companies, and geographies. Buzzsaw offers customers self-service access via the Internet and features resource pooling and on-demand storage according to a usage-based fee schedule.

Audits and compliance

Autodesk performs regular audits of the A360 Managed Services. We audit in accordance with the Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization (SSAE16), and specifically the Service Organization Control (SOC) 2 Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, and Privacy. SSAE16-SOC2 reports provide users with information about SaaS operations and applications, particularly system controls intended to meet the criteria for the security and availability principles set forth in AICPA Technical Practice Aids—Trust Services Principles, Criteria, and Illustrations (TSP), Section 100 (applicable trust services criteria).

To read the full Autodesk SSAE16-SOC2 audit report (requires a signed Autodesk nondisclosure agreement), contact Autodesk at trust@autodesk.com. Read more detailed information about the SSAE16 standard on the AICPA website.

A note about State on Auditing Standards 70 Type II (SAS70 Type II): Autodesk provisions data centers that host the A360 Managed Services to maintain Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization (SSAE16)—the latest SAS 70 replacement. Autodesk conducted the first SAS70 attestation in July 2007 and continues to perform audits under the current SSAE16 standard.

Autodesk views ISAE 3000 as an excellent platform for establishing basic principles and procedures when conducting assurance engagements, such as ISAE 3402. To learn more, read ISAE 3000 (Revised), Assurance Engagements Other Than Audits or Reviews of Historical Financial Information.

Autodesk has been performing independent security reviews (ISRs) since 2005. To read a recent ISR summary (requires a signed Autodesk nondisclosure agreement), contact Autodesk at trust@autodesk.com.