Bentley Trust Center: Compliance

Read Bentley's statement regarding Privacy Shield and Cross Border Data Transfers.

Bentley’s cloud offerings are designed with operational best practices and robust controls to deliver compliance that you can rely on. Bentley partners with leading cloud service providers so that you can benefit from data centers and network architecture built to satisfy the most stringent industry standards and country-specific requirements. The following compliance standards and information attests to the security and dependability of Bentley’s named cloud services offerings.

Bentley Cloud Services Status

Bentley has an array of cloud services and sites that can be monitored by users around the world at any time. The Bentley Cloud Services Status Dashboard lists available services and their current status. This capability allows users to check for service availability prior to contacting technical support.

ISO 27001
Bentley Managed Services

The systems and processes that support Bentley Managed Services are ISO/IEC 27001:2013 certified. ISO/IEC 27001:2013 is one of the most widely recognized information security standards. Compliance with ISO/IEC 27001:2013 is certified by A-LIGN, an ANAB accredited ISO 27001 certification body. View the Bentley Managed Services ISO/IEC 27001:2013 certificate and the current ISO/IEC 27001:2013 Statement of Applicability

Products in scope of Bentley’s ISO 27001 certification for Managed Services include AssetWise (eB Insight V8i), ConstructSim Work Package Server, and ProjectWise.

ISO 27001:2013 recertification audit completed: September 17, 2021. A-LIGN conducted a full audit virtually. The audit included procedures, interviews of personnel, controls, review of documentation and analysis of documentation of audit findings.

Cloud Security Alliance 

Bentley Systems is a Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) registrant. Bentley has completed the Consensus Assessments Initiative Questionnaire (CAIQ) for multiple products and services to provide answers to nearly 300 questions a cloud user or a cloud security auditor may wish to ask of a cloud provider. The CSA STAR is a publicly accessible registry that documents the security controls provided by various cloud computing offerings. The registry helps users assess the security of the cloud providers they currently use or are considering contracting with. View the CAIQ's for Bentley Systems.

Government Cloud

AssetWise ALIM CONNECT Edition
AssetWise CONNECT Edition Linear Analytics
Bentley Connected Data Environment (CDE)
Bentley Recurring Advancement Services Program
Bentley Success Plans
Business Collaborator Common Data Environment
iTwin Services
OpenCities Planner
ProjectWise CONNECT Edition
Reality Modeling Cloud Services
SYNCHRO Workgroup Project
Government Cloud (G-Cloud) is a UK initiative to promote government-wide adoption of cloud computing. The Crown Commercial Service (an agency that works to improve commercial and procurement activity by the government) awarded Bentley Systems International Limited G-Cloud 12 status for the following cloud software offerings and associated implementation and Success Plan services: AssetWise ALIM CONNECT EditionAssetWise CONNECT Edition Linear AnalyticsBentley Connected Data Environment (CDE), Bentley Success Plans, Business Collaborator Common Data EnvironmentComplyPro, iTwin Services, OpenCities Planner, ProjectWise CONNECT Edition, Reality Modeling Cloud Services, Bentley Recurring Advancement Services ProgramSYNCHRO ControlSYNCHRO Field and SYNCHRO Workgroup Project

Service Organization Control (SOC)
Bentley Cloud Services

Bentley Cloud Services are designed to keep user data secure with enterprise grade security, which is demonstrated with the granting of a SOC2 Type I and a Type II report by a certified AICPA auditing body. Bentley Cloud Services are audited annually against the SOC reporting framework by qualified independent computer-security auditors. The scope of audit for Bentley Cloud Services covers controls applicable to in-scope trust principles for each service. In general, the availability of these reports is restricted to customers who have signed non-disclosure agreements with Bentley.  

To request a SOC 2 report, contact your Account Manager. If you do not currently have a Bentley account and would like to request a SOC 2 report, contact us.

The SOC 3 report is designed to be a public document containing a high-level summary without the confidentiality and NDA requirements of the SOC 2 report. Contact us to request SOC 3 report.

EU General Data Protection Regulation

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect.  The GDPR imposes new obligations that will impact companies and other organizations around the world that offer goods and services to European Union residents or that collect and process data tied to EU residents.

Bentley believes that the GDPR is an important step to strengthen and harmonize data protection of EU residents’ personal data. Learn more about Bentley’s Compliance with the GDPR. Review Bentley’s list of subprocessors.

Common Vulnerability Exposure (CVE) program

This year, Bentley is enacting a Common Vulnerability Exposure (CVE) program. Bentley strives to publish important security advisories that help our users mitigate risks for a subset of our desktop products. These advisory pages are Bentley's source of information to our user community for potential risks in our products. Although we generally recommend updating to the latest product versions, some advisories include more detailed information about risk mitigation and specifics of affected versions which should be reviewed before updating. Our advisories are often linked with CVE entries. This process, the information in the advisories, and the website are all subject to change.


Report a security concern

Bentley’s security team investigates all reports of security vulnerabilities affecting Bentley products and services. If you have a security concern or are a security researcher and believe you have found a security vulnerability involving Bentley products and services, please read our responsible disclosure program and send us a report at