Security Policies and Processes
Security is of utmost importance to PTC. It is a core Service feature that protects customers' data, ensuring confidentiality, integrity, and availability.
Over the years, PTC has worked with third-party auditors to test and benchmark the security program. As a result, PTC is ISO 27001:2013 certified and maintains SSAE16 SOC 2 Type II Security & Availability Trust Principles.
Customers can request copies of the PTC Cloud SSAE18 SOC 2 Type II report for the Availability and Security Trust Principles and/or the ISO27001 Certificate by opening a Service Request on the PTC Support Portal or by reaching out to their Account Representative.
Before any compliance reports can be released, the customer needs to sign a Non-Disclosure Agreement with PTC.
The Customer plays an important role in ensuring Service delivery and data security. To maintain security, in addition to adhering to the Usage Restrictions defined in the PTC Cloud Services Terms & Conditions, the Customer is responsible for, but not limited to:
Ensuring Business Administrators use discretion when granting accounts and privileges
Ensuring users do not share accounts and passwords
Training users on password selection and protection
Designing, authoring, validating, and approving custom reports
Validating and maintaining the security of its systems that connect to PTC Cloud. This includes the implementation of security patches and operating system updates.
Removing users that should no longer have access to the PTC Service
Coordinating with PTC Cloud to keep the hosted solutions up to date with the latest supported versions of the underlying software
PTC conducts penetration testing on a regular basis, in partnership with a third-party testing firm, on a Windchill+ instance that is representative of all Production instances. The findings of this testing are incorporated into the ongoing security architecture, solution development, and threat detection efforts.
Customers may not perform, or hire any third party to perform, additional penetration testing on their Windchill+ instances without prior written consent from PTC. There are minimal reasons to justify additional customer-specific testing, and PTC reserves the right at its sole discretion to refuse any request for such testing.
For more information, see the PTC Cloud Security Whitepaper.