Infor Cloud security

Infor® takes security seriously. We have the tools, processes, and policies in place to safeguard the confidentiality, integrity, and availability of Infor products, services, and customer data.

Not only are security requirements for each Infor Cloud product defined and architected into the software design, they are constantly reviewed, tested, and updated to help ensure threats and vulnerabilities are mitigated.

A cloud environment is only as secure as its weakest link in the cloud security chain. Infor Cloud employs a “defense-in-depth” strategy. Multiple layers of overlapping security safeguard customer data through each link of the chain. These security controls are enforced by a team of specialists who continuously monitor and improve Infor Cloud security posture to stay ahead of threats and vulnerabilities.

Our dedicated Infor Cloud security staff works 24/7, vigilantly monitoring the cloud environment. If a customer requires more active collaboration to address security issues or concerns, our staff is readily available and easily engaged.

The Infor Cloud team is committed to protecting the privacy of customer data. Specific security/privacy policies, procedures, and technical controls are applied to our operations to ensure we provide unparalleled support, without infringing on confidentiality. The National Cyber Security Alliance has recognized this commitment, naming Infor a 2019 NCSAM Champion organization

Application security

  • Apply, review, and update security best practices
  • Top 10 Open Web Application Security Project (OWASP)-based code review
  • Formal configuration and change management practices via enforced and audited processes
  • Vulnerability and penetration testing throughout product lifecycle

Network security

  • Security principles of “least privilege” and “need to know” enforced by Role Based Access Controls (RBAC)
  • Rigid protocols enforce security even when customers use compromised systems or don’t apply security best practices
  • Infor Cloud is separate from Infor corporate network
  • Proactive defense
  • Real-time monitoring
  • Firewall segmentation
  • Two-factor authentication supported
  • Digital certificates ensure Infor Cloud sessions occur only with authenticated systems

Physical security (IAAS PARTNER data centers)

  • Biometric-protected
  • Guard-controlled access with man-trap technology
  • Registered guest restrictions
  • Locked cage spaces
  • Closed-circuit television monitoring
  • Additional systems for physical intrusion monitoring, detection, and alerting

Infrastructure security

  • Restricted access
  • Limited user-account permissions
  • Hardening and managed patching of operating systems
  • Separation of server duties and least privilege access
  • Backup management

Incident recognition and response

  • Monitoring, characterizing, reporting, and automated logging of system activity and events
  • Intrusion Protection Engine captures and analyzes intrusion attempts
  • Technical escalation and customer notification paths
  • Collaboration with customers to investigate attempts at intrusion—whether accidental or purposeful.

Encryption and privacy

  • In-transit data encrypted using appropriate mechanisms that include TLS, PGP, and secure FTP
  • Data-at-rest encrypted using database, file system, or other appropriate encryption capabilities
  • Infor Privacy

Dynamic password management

  • Centrally managed passwords
  • Forced password change
  • Unsuccessful password attempts and patterns registered, network management staff automatically alerted

Data ownership

  • Customers own their data—if an engagement should terminate, the data is returned to the customer
  • Customer data not captured by monitoring processes

Compliance, policies, and best practices

Infor SaaS Solutions

  • SOC 1
    • Multi-tenant SaaS
            April 1, 2018 to March 31, 2019—Report available end of June
            October 1, 2018 to September 30, 2019—Report available end of November
    • Single-tenant SaaS and hosted environments
            June 1, 2018 to May 31, 2019—Report available end of July
            December 1, 2018 to November 30, 2019—Report available January
  • SOC 2
    • Multi-tenant SaaS
            October 1, 2018 to September 30, 2019—Report available end of November
  • CSA

Infor Government SaaS


Specific Infor Applications/SaaS Solutions

Please click on the link to see the latest solutions certified for ISO 27001

Security vulnerability reporting

Security is important for Infor and its customers, and we work hard to maintain secure customer environments. If you are a security researcher and would like to report a security flaw, please send us an email at with your name and contact information. Please use PGP; here is our key. Please provide technical details to help us reproduce the vulnerability. We will verify each vulnerability, we will respond to legitimate ones, and we will work to remediate them. We thank you for the coordinated disclosure.