Register

Unlock 2026: The Great Restack

Learn More
Akeneo-Logo Akeneo-Logo
Start Free TrialStart Free TrialStart Free Trial Request a DemoRequest a DemoRequest a Demo

Security: A Continuous Commitment, Not a Milestone

At Akeneo, we continuously strengthen our information security program and integrate security into all our operations. Our processes, products, and culture are designed to protect customer data, ensuring that security is an integral part of how we build, operate, and innovate. Our security program follows a principle of continuous improvement, combining strong governance, employee awareness, and robust technical controls to ensure the confidentiality, integrity, and availability of customer data.

Certifications and Compliance

Akeneo’s commitment to security is backed by its ISO 27001:2022 certification and SOC 2 Type I compliance. Together, these frameworks ensure well-designed, effective controls and reinforce our commitment to trust, transparency, and resilience across all products and services.

ISO 27001:2022 Certified

Akeneo’s Information Security Management System (ISMS) is certified to ISO 27001:2022 by an independent accredited auditor. This certification covers our organization, infrastructure, policies, and products, confirming that our information security practices meet globally recognized standards.

SOC 2 Type I Attested

Akeneo is SOC 2 Type I compliant, demonstrating our commitment to robust security and industry best practices. This independent attestation confirms that our controls are properly designed and independently verified.

Data Privacy Commitments

We comply with global data protection laws including the GDPR (EU) and CCPA (U.S.). At Akeneo, personal data processing is limited, purpose-driven, and contractually framed. We only process professional personal data (such as business email addresses and login identifiers) where strictly necessary to deliver and support our products and services in a B2B context.

Governance and Leadership

Akeneo’s security program is led by the Director of Information Security, supported by the Security and Compliance team, and regularly reviewed by Akeneo’s senior leadership, including our CTO and CPO. This team defines, enforces, and continuously reviews security policies via our Information Security Management System (ISMS), integrating controls aligned with ISO 27001:2022, SOC 2, and GDPR requirements.

Regular internal and external audits, risk assessments, and management reviews ensure that our program evolves with emerging threats and business needs.

How We Protect Customer Data

  • All employees receive mandatory security awareness training upon onboarding and periodically thereafter.
  • Technical roles (engineering, operations, support) complete specialized training on secure coding, cloud security, and incident response.
  • Phishing simulations, tabletop exercises, and periodic awareness campaigns reinforce our security culture.

  • Access to production and internal systems is secured through Single Sign-On (SSO) via a best in class IdP, combined with Multi-Factor Authentication (MFA).
  • Role-Based Access Control (RBAC) ensures users have only the permissions they require.
  • Periodic access reviews are performed, and time-bound access is automatically revoked once no longer needed.

  • Akeneo’s production environments are hosted on Google Cloud Platform (GCP), benefiting from Google’s security standards.
  • Segregation of environments is enforced via network segmentation at both the project and environment levels within Google Cloud Platform (GCP). Development and production environments are fully isolated in separate GCP projects to ensure strict separation of resources, access, and data flows.
  • Public exposure is restricted to HTTPS-only endpoints, and all network activities are continuously monitored via a Security Information and Event Management (SIEM).
  • Firewall rules and VPC configurations are defined and version-controlled.

  • All company laptops are managed and monitored via a Unified Endpoint Management (UEM) solution and protected by Endpoint Detection and Response (EDR) tools.
  • Security measures include disk encryption, screen-lock enforcement, automatic patching, and web-filtering.

  • Customer data backups are encrypted, immutable, replicated across multiple regions, and tested regularly.
  • Recovery Point Objective (RPO): ≤ 24 hours | Recovery Time Objective (RTO): ≤ 4 hours.
  • Annual Disaster Recovery Plan (DRP) simulations validate effectiveness under our Business Continuity Framework.

Security is embedded in Akeneo’s Software Development Life Cycle (SDLC).

  • Secure by Design: Security is considered from the earliest stages of application design. We assess potential security impacts upfront to ensure risks are identify early and appropriate safeguards are built into our products, creating a strong and secure foundation.
  • Secure Coding: Developers follow OWASP Top 10 and receive continuous secure development training.
  • Code Review & Testing: All commits go through peer review, automated security scanning, and controlled CI/CD pipelines.
  • Dependency Management: Only approved libraries and base images are used, and vulnerabilities are monitored and remediated promptly.
  • Penetration Testing: Independent third-party penetration tests are conducted annually, and findings are remediated according to defined SLAs.

  • Continuous monitoring through our SIEM, and Google Cloud audit logs detects anomalies or suspicious activity.
  • A dedicated Incident Response Plan defines escalation paths, communication protocols, and containment procedures in line with ISO 27001, SOC 2, and security best practices.
  • Incidents are tracked in our ticketing system, lessons learned are reviewed in post-mortems and integrated into our continuous improvement process.
  • The Security Team conducts periodic tabletop exercises to validate readiness.

  • Encryption: All customer data and backups are encrypted in transit (TLS 1.3) and at rest (AES-256) in Google Cloud Platform.
  • Data Segregation: Each customer’s data is logically isolated at both the application and database level.
  • Access to Customer Data: Akeneo personnel may access customer environments solely for troubleshooting or support, under strict authorization and auditing.
  • Privacy by Design: Akeneo’s solutions are built to primarily process product data rather than end-user personal data. In normal use, personal data is limited to user account details (such as names and email addresses). If customers choose to store additional personal data in the platform, it is protected by the same security controls as all other data, while customers, as data controllers, remain responsible for meeting their own obligations under applicable data protection laws.

Security is a shared responsibility between Akeneo and its customers:

  • Akeneo secures the platform, infrastructure, and operations.
  • Customers manage user access, data accuracy, and integrations (APIs, middleware).
  • We encourage customers to enable SSO, use strong authentication, and store only product-related data.

Security evolves constantly. Akeneo continuously refines its controls based on:

  • Audit results and risk assessments.
  • Emerging cybersecurity trends and threat intelligence.
  • Feedback from customers, partners, and auditors.

Our commitment is simple: your trust is our most valuable asset.

Akeneo’s approach to AI security builds on the same foundations that support our ISO 27001:2022 certification and SOC 2 Type I compliance. AI features are built into our governance, risk management, and secure development processes. Key controls include:

  • Integrated Governance: AI risks and controls are managed via our certified Information Security Management System (ISMS), ensuring all AI-related changes are reviewed and documented.
  • Secure Architecture: Safeguards like Prompt Encapsulation Layer and Strict Multi-Tenant Data Isolation protect customer data and prevent cross-tenant access.
  • Data Protection: Akeneo uses enterprise-grade AI APIs that prohibit data use for model training. All data, including prompts and responses, is encrypted in transit (TLS 1.3+) and at rest (AES-256).
  • Continuous Validation: AI features are covered by our vulnerability management, penetration testing, and AI-specific threat modeling.
  • Regulatory Alignment: Akeneo monitors and aligns, as needed, with emerging AI frameworks (EU AI Act, ISO 42001), ensuring our practices remain consistent with global standards for trustworthy and transparent AI.

Security FAQ

This section provides clear answers to key security, compliance, and data-protection topics that are essential for understanding how Akeneo protects customer data, manages risk, and maintains trust across its products and services.

Akeneo maintains a formal security program aligned with internationally recognized standards. We are ISO/IEC 27001:2022 certified and SOC 2 Type I compliant, and we support GDPR and other applicable regulatory requirements.

Yes. Akeneo’s security program is led by the Director of Information Security, supported by a Compliance Lead and a dedicated Security team, and regularly reviewed by senior leadership.

Akeneo processes only minimal amount of professional personal data (e.g., name and business email) needed for authentication, access management, and support. By default, we do not process sensitive personal data, and all data is handled in line with contractual and regulatory requirements.

Customer data is encrypted in transit using TLS 1.2+ and encrypted at rest (including backups) using AES-256.

Akeneo supports SSO using SAML 2.0 and OpenID Connect, with integration to major identity providers (e.g., Okta, Azure Active Directory, Google Workspace). MFA is enforced for employees and admins, and role-based access control (RBAC) is applied following least-privilege principles.

Akeneo runs a layered vulnerability management program that includes annual third-party penetration testing, continuous automated vulnerability and dependency scanning, and security controls built into our secure development lifecycle.

Akeneo operates a documented Incident Response Plan (IRP) and Business Continuity framework (BCP) supported by centralized logging and real-time monitoring via a Security Information and Event Management (SIEM) system. Trained teams follow defined escalation paths and playbooks, with post-incident reviews driving continuous improvement.

Akeneo manages third-party and subcontractor security through a formal risk-management program that includes security assessments for suppliers, contractual security and confidentiality requirements, and least-privilege access controls.

Yes. Security documentation, including ISO 27001 certificate and SOC 2 report, is available to customers and prospects under NDA.

Akeneo’s security program is regularly reviewed through two independent audits each year (ISO 27001 compliance), and is complemented by an annual security risk assessment to continuously identify and address risks.

Contact & Resources

For more information or to request security documentation (e.g., ISO 27001 certificate, SOC 2 Type I report, or security white papers), please contact your Account Executive, Customer Success Manager (CSM), or Partner Manager.