Security at Spryker

Security is deeply anchored into the DNA of Spryker's cloud products and processes. Spryker is very aware, that the world is currently experiencing an unprecedented increase in cyberattacks. While it is always a good policy to put technical protection in place (which we do), it is even more important to build a culture of security awareness and train the staff accordingly. Our employees, customers and partners can be sure, that Spryker takes Information Security seriously.

Managing data responsibly is of highest priority. The Spryker platform has been built as a truly cloud-based, multi-tenancy platform and runs in certified data centers at several locations in Europe, the US and APAC. All internal processes, infrastructure and development are closely following security-based guidelines and principles.

Physical Security

Data Center: The Spryker platform is hosted on Amazon Web Services (AWS) and guarantees the implementation following highest standards. Spryker regularly runs vendor assessments, our partners.

Network Security

Spryker makes sure, that all cloud traffic is protected by state-of-the art methods including encryption. Access to our internal office network is controlled, limited and monitored, communication is encrypted, Antivirus-tools, MDM and firewalls are mandatory for every user.

Training and Awareness

Spryker offers a wide variety of trainings, workshops and programs to make sure, that our team is aware of the latest in Security and Privacy.

Backup and Recovery

Spryker utilizes geographically separate environments to ensure protection from data loss, provide reliability and constant uptime of our systems. Backups are encrypted and stored on different storage media than production following strict guidelines and audited processes.

Operational Security

Spryker has implemented policies and procedures, managed by our ISO 27001: 2013-certified Information Security Management System (ISMS). In addition, our procedures are controlled and audited in a SOC-2 report.


ISO/IEC 27001

ISO 27001 is a specification for an information security management system (ISMS), which is a framework for an organization's information risk management processes. DOWNLOAD ISO/IEC 27001 Certificate

SOC 2 Type 1

SOC 2 (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to the security of our cloud service. Spryker holds a SOC 2 Type 1 report with type 2 soon to be released. If you would like to receive our SOC-2 Type 1 report, please send us an email to [email protected] and explain your use case and request in a few sentences. We will then send you a link to download a personal version of our report. Click on the "Request Report" link below to get started.