Security and Trust Center

Description

Cyber Essentials is a UK Government-backed framework that helps protect organizations from many different cyber attacks.  

Dell’s certificate certifies that the organization was assessed as meeting the Cyber Essentials implementation profile for its UK locations supporting the UK Public sector.  

Download Certificate

Description

Dell has completed the CyberGRX assessment, validated by CyberGRX strategic partners Deloitte and Touche and KPMG.

The CyberGRX assessment methodology identifies both inherent and residual risk and uses near real time threat analysis and independent evidence validation to provide customers with a holistic view of their third-party cyber risk posture.

The CyberGRX Risk Assessment may be requested here.

Description

CyberVadis has completed an assessment of Dell Technologies corporate security environment to validate the design and implementation of controls.

CyberVadis is a scalable solution for managing third-party cybersecurity risk assessment process. CyberVadis is based on a methodology that maps to all major international compliance standards, including GDPR, NIST, NY DFS, CCPA, and many more. It combines the speed of automation with the accuracy and effectiveness of a team of experts. 

To access the report, please contact your dedicated sales and service representative.

Description

Health Information Trust Alliance (HITRUST) is a data protection standards and development certification organization designed to assist healthcare providers, business associates, and vendors in safeguarding sensitive data and managing IT risk.

HITRUST certification enables organizations to demonstrate they are taking a proactive approach to cybersecurity, data protection and risk mitigation. It provides assurance to customers, vendors, shareholders and other third parties that Dell meets high standards in information protection. HITRUST compliance is required by all major healthcare payers in the US. and is leveraged by 81 percent of US hospitals and health systems and 83 percent of health plans.  It is the most widely adopted control framework in the healthcare sector. 

Services in Scope:

Offer	Assurance Level	Report Period Start	Report Period End
Dell-managed APEX Data Storage Services (DM-ADSS)	HITRUST E1	January 22, 2024	January 22, 2025

Description

The Information Security Registered Assessors Program (IRAP) enables Australian Government customers to validate that appropriate controls are in place and determine the appropriate responsibility model for addressing the requirements of the Australian Government Information Security Manual (ISM) produced by the Australian Cyber Security Centre (ACSC).

The Dell Cloud services that have been IRAP assessed can be found in the table below. An independent IRAP assessor examined the controls including people, processes, and technology against the requirements of the ISM.

In Scope Service Offers

Offer/Service
Dell APEX Backup-as-Service Offerings	Dell APEX Backup Services for SaaS Apps Dell APEX Backup Services for Endpoints Dell APEX Backup Services for Hybrid Workloads

Description

Dell Technologies Global ISO 27001 Multi-Site Certification is an Information Security Management System (ISMS) and encompasses activities which enable the protection of information assets across the enterprise including Dell Technology Services (DTS), Sales, Dell Financial Services (DFS), Dell Infrastructure Solutions Group (ISG) and supporting functions inclusive of the Security & Resiliency Organization (SRO); IT; Facilities Management, Human Resources and Legal, in accordance with the Statement of Applicability.

Services In Scope include, depending on location (please refer to the certificate for details)

Download Certificate     Download Statement of Applicability

Services In Scope include

Services	Description
Managed Services	Managed Services for Infrastructure Solutions e.g. Managed Services for Backup Managed Services for Converged and Hyper-Converged Infrastructure Managed Services for Storage Dell Apex Data Storage Services Dell APEX Cloud Services
Professional Services	Deployment Services for Infrastructure products e.g. ProDeploy Enterprise Plus ProDeploy Enterprise Basic Deployment
Technical Support and Field Services	Support Services for Infrastructure Solutions e.g. ProSupport Enterprise Suite Optional Support Services for Enterprise
Global Configuration Services	End User Configuration & Deployment Services e.g. Imaging Services Asset Tagging Services Asset Reporting Services

Description

An accreditation system for the aerospace, defense and security sectors. The system was established following an initiative led by ADS Group and includes a growing number of prime contractors as registered buyers together with the MoD. JOSCAR is a cross-sector community which reduces the time, cost and resources and duplication needed to provide information to major buying organizations.

Joscar provides a risk management tool that objectively assesses potential vendor risks, proportionally to products and services being provided and across relevant areas of compliance.

This JOSCAR certificate covers all of Dells Products and Services

Description

KY3P^® Assessments* is a third-party assessment solution designed to facilitate the exchange of standardized and validated risk data between service providers and their customers.

KY3P^® has completed an independent comprehensive risk assessment of Dell Technologies corporate security environment to validate the design and implementation of controls. The validation process included structured inquiries regarding design elements and specific requirements, policy, program, and procedure inspections, as well as reviews of supporting evidence. The risk assessments can be leveraged by leading financial institutions globally to accelerate vendor due diligence requirements and cloud adoption. KY3P standardizes and simplifies third party due diligence, provides end-to-end visibility and vigilance needed to protect the supply chain. 

The KY3P^® Dell Technologies Risk Assessment may be requested here.

Description

The O-TTPS Certification Program is to assure customers of the integrity of commercial off-the-shelf (COTS) information and ICT products worldwide and to safeguard global supply chains against increasingly sophisticated security attacks.

Intended to assure integrity in technology development and to prevent maliciously tainted and counterfeit products from entering the supply chain, the certification program helps ensure applicants conform to the O-TTPS standard.

Demonstration of conformance through this independent, voluntary O-TTPS Certification Program process provides formal recognition of an organization’s conformance to this industry standard. Successful applicants will gain certification and can use the Open Trusted Technology Provider trademarked logo.

Dell participates in the O-TTPS Certification Program by completing a self-assessment of its compliance with O-TTPS version 1.1.1 (ISO/IEC 20243:2018).

Products in Scope

Client and IT Infrastructure Products from Dell Technologies, Inc.

Download Certificate here

Description

PCI Data Security Standard (PCI DSS) applies to entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD). PCI DSS is a set of security standard comprises of technical and operational requirements, developed by PCI Security Standards Council (PCI SSC) for protecting payment data. PCI Security Standards Council or SSC, which was founded by 5 major payment brands American Express, Discover, JCB International, MasterCard and Visa Inc with the purpose of developing and driving the adoption of PCI DSS.

Dell Inc. is an eCommerce Merchant and required to comply with PCI Data Security Standard (PCI DSS).  We are a Level 2 Merchant and report PCI compliance status to acquirers through Self-Assessment Questionnaires (SAQ). We perform PCI DSS Assessment annually and the assessment was validated by certified PCI Internal Security Assessor (ISA). Dell Inc. is certified as a PCI DSS Level 2 Merchant.

Description

SOC reports are governed by the American Institute of Certified Public Accountants (AICPA) and focus on offering assurance that the controls service organizations put in place to protect their clients’ assets are effective. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.

Dell operates a centrally governed SOC program and SOC reports are specific to our Offers and Services and independently assessed and attested by PwC and Schellman Compliance.

To access the report, please contact your dedicated sales and service representative.

Services In Scope include

Offer/Service	Assurance Level	Report Period Start	Report Period End
AI Ops Infrastructure Observability	Type 2 SOC 2	October 01, 2023	September 30, 2024
Dell Managed Services Platform (DMSP)	Type 2 SOC 2	October 01, 2023	September 30, 2024
Managed Detection & Response (MDR)	Type 2 SOC 2	October 01, 2023	September 30, 2024
Apex AIOps Incident Management Platform	Type 2 SOC 2	April 01, 2024	September 30, 2024
Moogsoft Hosted Platform	Type 2 SOC 2	April 01, 2024	September 30, 2024
Remote Manages Services for Backup, Storage and Converged Infrastructure Services	Type 2 SOC 1	October 01, 2023	September 30, 2024
Remote Manages Services for Backup, Storage and Converged Infrastructure Services	Type 2 SOC 2	October 01, 2023	September 30, 2024
Virtustream Enterprise Cloud (VEC)	Type 2 SOC 2	October 01, 2023	September 30, 2024
Virtustream Federal Cloud (VFC) Services & Virtustream ITAR Cloud (VIC) Services	Type 2 SOC 2	July 01, 2023	June 30, 2024
Wyse Management Suite (WMS)	Type 2 SOC 2	December 01, 2023	September 30, 2024
Modular Managed Services (MMS)	Type 1 SOC 2	As of December 20, 2024

Description

Dell participates in Swift’s Customer Security Programme (CSP) to help financial institutions ensure their defences against cyberattacks are up to date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have implemented with those detailed in the Customer Security Controls Framework (CSCF), before attesting their level of compliance annually.

With solid attestation and compliance rates, the CSP reflects a community of highly engaged users committed to stopping cyberattacks in their tracks. And, as the cyber threat landscape evolves, so too does the CSP.

You can also find more info here Customer Security Programme (CSP) | Swift

Description

Trusted Information Security Assessment Exchange (TISAX) is the standard to prove to the automotive industry that the information entrusted to Dell Technologies is secure and conforms to a defined level of information security requirements according to the German Association of the Automotive Industry (VDA ISA). TISAX is a registered trademark and governed by the ENX Association. The ENX portal is used as an exchange mechanism to share Dell’s assessment results with the automotive industry.

Dell’s scope ID on the ENX portal is  SM3WTP. This will provide you with a summary of our overall assessment results for the Professional, Managed & Field Services teams at the following locations in Germany:

Dell GmbH Frankfurt am Main Unterschweinstiege 10, 60549 Frankfurt am Main, Germany

Dell GmbH München (Ismaning) Osterfeldstrasse 84, 85737 Ismaning, Germany

Dell GmbH Stuttgart (Leonberg)  Neue Ramtelstraße 4,  71229 Leonberg, Germany