Bentley Trust Center
Essential Information at Your Fingertips
Bentley’s self-service portal has FAQs, certifications, and documents to ensure your confidence in our security. Watch the less than two-minute video for a quick guide on using the portal.
How to Utilize the Trust Portal (2 min Video)
Bentley’s Account Trust Team is here to help you understand our data security measures. Our Trust Center provides the information you need, whether you’re a new or existing subscriber. Our Trust Portal offers FAQs about our security practices, and you can get instant answers. Our experts maintain the information for accuracy, and you can subscribe for updates. Watch the less than two-minute video to learn how to use the Trust Portal’s features, and click the link to make a request – once approved, you’ll get an acceptance notification from Conveyor, our Trust Portal.
Featured Products in our Trust Portal
Explore our Trust Center FAQ section, where you can find answers to various security-related topics.
Bentley’s ISO certificates, ISO Statement of Applicability, and SOC reports can be found on Bentley’s Trust Portal.
Bentley encrypts data both in transit and at rest.
Bentley’s Information Security and Privacy Compliance Teams have developed incident management frameworks to monitor and log information security incidents, based on the ISO27001 standard.
Bentley supports federation with your identity provider, so your authentication policies are enforced when your end users log into our applications.
Bentley’s security measures protect against intrusions, malware, viruses, and denial of service.
Bentley follows backup policies with active/active architecture, ensuring your applications and data are available 99.9%.
Your application administrator creates roles and permissions for your end users.
Bentley maintains various third-party certifications including ISO27001 and SOC2. See which products are within scope of these certifications on our Trust Portal.
Bentley associates receive training at onboarding and annually thereafter, which addresses our Information Security policy, detecting cyber threats, and acceptable use of company assets.
Visit our Trust Portal to answer your security-related question.
Bentley aims for transparency by promptly notifying users about Common Vulnerabilities and Exposures (CVE) impacting some desktop products. We also value the insights of security researchers who may discover vulnerabilities in Bentley products and services.
Common Vulnerability Exposure (CVE) Program
Bentley regularly issues security advisories to help users reduce risks in desktop products. They are our main way to communicate potential product-related risks. While we generally recommend updating to the latest versions, some advisories offer detailed risk reduction info and version specifics, often mentioning CVE entries. Please be aware that this process, advisory content, and the website may change over time.
Bug Bounty Program
Bentley’s security team diligently investigates all reports of security vulnerabilities impacting Bentley’s products and services. If you are a security researcher or have a security concern and suspect you’ve identified a vulnerability related to Bentley products and services, we encourage you to visit our responsible disclosure program page.
Bentley has embedded privacy and data security into our culture which allows us to utilize our most powerful resource – our colleagues – to keep pace with evolving regulations and user expectations.
Bentley’s Privacy Statement tells you about how we collect, use, disclose, transfer, and store your information, who we share it with, as well as the choices you have regarding your information. Additionally, our associated businesses have their own Privacy Statements: Seequent Privacy Statement and Cohesive Privacy Statement.
Bentley utilises Standard Contractual Clauses (SCCs), as a legal mechanism for transferring personal data of its users from the European Economic Area to the U.S. or other applicable jurisdictions. We have revised our Data Processing Addendum with the new EU Standard Contractual Clauses including an overview of the supplementary measures adopted by Bentley.
Bentley has self-certified and we are officially part of the new Data Privacy Framework (DPF). The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. For further information, please review Bentley’s Notice of Certification.
Bentley's Vendor Assessment
Finding all the necessary information to evaluate our products and services can be difficult. Bentley has gathered information that could assist in your assessment.
To request a Software Bill of Material (SBOM), please submit a ticket to Bentley Support using the provided link. Be sure to include your request and specify the product.