Security Assessments
Nextedy Apps have undergone the following security evaluations:

Siemens IT Security Review
Nextedy Apps are approved for deployment on Polarion X (Siemens-managed SaaS). The Siemens IT security review evaluated the app architecture, data handling, and third-party dependencies before granting clearance.

Cybersecurity Governance Assessment (CGAQ)
Nextedy has completed the Siemens Cybersecurity Governance Assessment Questionnaire, which covers organizational security practices, development processes, incident response capabilities, and supply chain management.

Threat and Risk Analysis
A formal Threat and Risk Analysis identified potential attack vectors and defined over 40 security controls. These controls address areas including input validation, access control enforcement, session management, and dependency security.

Static Analysis and Dependency Scanning
| Assessment | Tool | Result |
|---|---|---|
| Static Application Security Testing | SonarQube | 0 critical issues |
| Open-source vulnerability scanning | Snyk | 0 high/critical vulnerabilities |
| Functional test coverage | Automated suite | 98% pass rate |
Why No Independent ISO 27001 or SOC 2?
Nextedy Apps run entirely within the Polarion platform. They do not operate independent infrastructure, manage their own data stores, or provide standalone network services. The security boundaries that ISO 27001 and SOC 2 typically assess (data centers, network controls, access management systems, backup infrastructure) are all provided by the Polarion platform. For on-premise deployments, the customer’s own ISO 27001 or SOC 2 certification covers the infrastructure. For Polarion X, Siemens maintains the relevant certifications for the managed platform. Nextedy’s security assurance is demonstrated through the Siemens security review, CGAQ, threat analysis, and continuous code-level scanning described above.

Industry Relevance
Nextedy Apps are used by teams working under stringent regulatory frameworks. The app security model supports compliance with:

| Standard | Domain | How Nextedy Supports It |
|---|---|---|
| ISO 26262 | Automotive functional safety | FMEA and HARA workflows in Risksheet maintain full audit trail in Polarion |
| DO-178C / ARP 4754A | Aerospace software and systems | Requirements traceability and risk analysis with versioned artifacts |
| IEC 62304 | Medical device software | Risk management and traceability matrices stored in validated Polarion environment |
| ISO/SAE 21434 | Automotive cybersecurity | TARA workflows for threat analysis and risk assessment |
| IEC 61508 | Industrial functional safety | Hazard analysis and safety integrity level tracking |
Nextedy can provide security documentation packages on request, including the Threat and Risk Analysis summary, SBOM, and assessment results. Contact security-alerts@nextedy.com for details.