Cyber and Information Security

We fulfill our social responsibility and are committed to the careful handling of information from our employees, customers, and business partners throughout the Group. We have implemented numerous actions to actively manage and control cyber and information security risks and ensure uniform cyber and data security standards throughout the Group.
Cyber and Information Security Actions
The Nemetschek Group pursues a comprehensive approach to information security, which includes detailed policies and procedures and is aligned with international standards and regulatory requirements. To best protect our software solutions, IT systems, and networks from cyberattacks, we continuously invest in our security infrastructure and implement targeted actions to strengthen our information security management. Our holistic security strategy aims to strengthen the trust of our stakeholders and establish a scalable, flexible, and needs-based security concept. This concept ensures a stable basic level of security for the entire Group and can also be adapted to the individual requirements of our brands.
Our ISO/IEC 27001-certified information security management system underscores our commitment to the highest levels of data security and customer trust. With this certification, we reaffirm our commitment to protecting sensitive information across the group, minimizing cyber threats, and reliably complying with global data protection regulations. The certification applies to all Nemetschek Group brands—with the exception of the recently acquired company GoCanvas.
Our standardized information security architecture enables centralized monitoring, analysis, and response to security-relevant incidents. These are carried out via our Security Operation Center (SOC), which provides attack detection and response actions around the clock (24/7) to identify potential threats early and efficiently mitigate them. Security incidents are incorporated into a structured security incident process.
Another key element of our security strategy is employee awareness and training. Regular training sessions and phishing email simulations increase awareness of information security risks and contribute to a security-conscious corporate culture. In addition, the Nemetschek Group has group-wide cyber security insurance to further protect itself against information security risks. Learn more in our Trust Center.