Autodesk commits to delivering trustworthy cloud services. We impose rigorous internal standards for the A360 Managed Services listed below to safeguard the availability, confidentiality, privacy, and security of our customers’ data in the cloud. Please note that there are some Autodesk services, including some that are branded as “360,” that are outside the scope of the Trust Center. Autodesk Security Operations, a specialized team of Autodesk information security experts, manages certain Autodesk cloud services that they have determined uniformly apply the practices and protections described in this Trust Center, as follows:
Throughout the Trust Center, these services are referred to as the “A360 Managed Services.” The information in this Trust Center does not apply to Autodesk services not listed above. In addition, the Trust Center does not apply to services labeled “Beta” or “Technology Preview” or to any service provided by third parties, including third-party services that A360 Managed Services may enable access to or use of but that are not provided by Autodesk. Over time, other services provided by Autodesk may be added to this list as we continue to coordinate our infrastructure and operations. We encourage you to check back for updates. (View terms of service for Autodesk services not listed above.)
Autodesk Security Operations is responsible for the daily operation of the A360 Managed Services. Members of the team belong to these professional organizations and have the following certifications:
For the A360 Managed Services, the Autodesk Security Operations team may:
Autodesk Security Operations requires that U.S. accounting firms conducting audits on the A360 Managed Services be accredited by the American Institute of Certified Public Accountants (AICPA).
For information about Autodesk policies on sharing your personal information with third parties, refer to the Privacy page.
Autodesk has been delivering Software as a Service (SaaS) applications, such as Autodesk® Buzzsaw®, since 1999. Buzzsaw is cloud-based document, design, and data management software for securely exchanging architecture, engineering, and construction (AEC) project information across stakeholders, companies, and geographies. Buzzsaw offers customers self-service access via the Internet and features resource pooling and on-demand storage according to a usage-based fee schedule.
Autodesk performs regular audits of the A360 Managed Services. We audit in accordance with the Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization (SSAE16), and specifically the Service Organization Control (SOC) 2 Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, and Privacy. SSAE16-SOC2 reports provide users with information about SaaS operations and applications, particularly system controls intended to meet the criteria for the security and availability principles set forth in AICPA Technical Practice Aids—Trust Services Principles, Criteria, and Illustrations (TSP), Section 100 (applicable trust services criteria).
To read the full Autodesk SSAE16-SOC2 audit report (requires a signed Autodesk nondisclosure agreement), contact Autodesk at email@example.com. Read more detailed information about the SSAE16 standard on the AICPA website.
A note about State on Auditing Standards 70 Type II (SAS70 Type II): Autodesk provisions data centers that host the A360 Managed Services to maintain Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization (SSAE16)—the latest SAS 70 replacement. Autodesk conducted the first SAS70 attestation in July 2007 and continues to perform audits under the current SSAE16 standard.
Autodesk views ISAE 3000 as an excellent platform for establishing basic principles and procedures when conducting assurance engagements, such as ISAE 3402. To learn more, read ISAE 3000 (Revised), Assurance Engagements Other Than Audits or Reviews of Historical Financial Information.
Autodesk has been performing independent security reviews (ISRs) since 2005. To read a recent ISR summary (requires a signed Autodesk nondisclosure agreement), contact Autodesk at firstname.lastname@example.org.