Security Assessments
Nextedy products have undergone the following security evaluations:Siemens IT Security Review
Nextedy products are approved for deployment on Polarion X (Siemens-managed SaaS). The Siemens IT security review evaluated the product architecture, data handling, and third-party dependencies before granting clearance.Cybersecurity Governance Assessment (CGAQ)
Nextedy has completed the Siemens Cybersecurity Governance Assessment Questionnaire, which covers organizational security practices, development processes, incident response capabilities, and supply chain management.Threat and Risk Analysis
A formal Threat and Risk Analysis identified potential attack vectors and defined over 40 security controls. These controls address areas including input validation, access control enforcement, session management, and dependency security.Static Analysis and Dependency Scanning
These scans run continuously as part of the development pipeline. Results are reviewed before each release.
Why No Independent ISO 27001 or SOC 2?
Nextedy products run entirely within the Polarion platform. They do not operate independent infrastructure, manage their own data stores, or provide standalone network services. The security boundaries that ISO 27001 and SOC 2 typically assess (data centers, network controls, access management systems, backup infrastructure) are all provided by the Polarion platform. For on-premise deployments, the customer’s own ISO 27001 or SOC 2 certification covers the infrastructure. For Polarion X, Siemens maintains the relevant certifications for the managed platform. Nextedy’s security assurance is demonstrated through the Siemens security review, CGAQ, threat analysis, and continuous code-level scanning described above.Industry Relevance
Nextedy products are used by teams working under stringent regulatory frameworks. The product security model supports compliance with:
In all cases, the compliance evidence (versioned documents, audit trails, approval records) is stored in Polarion and benefits from the platform’s validation and electronic signature capabilities.
Nextedy can provide security documentation packages on request, including the Threat and Risk Analysis summary, SBOM, and assessment results. Contact security-alerts@nextedy.com for details.