Partners and customers often ask whether Sage CRM is ISO 27001 or SOC 2 certified. To help you answer these questions clearly and confidently, we’ve published a new supplementary guide on Sage Partner Central:
ISO 27001, SOC 2, and Sage CRM
What the guide covers
The guide explains:
- The difference between product security features and operational certifications like ISO 27001 and SOC 2.
- Why ISO 27001 and SOC 2 apply to the operation of systems, not to software products themselves.
- What this means for Sage CRM, which can be deployed on-premises or in a private cloud.
- How this contrasts with Sage’s cloud-native products such as Sage Intacct (and Sage-hosted X3), where Sage provides ISO 27001 certification and SOC 2 audit reports.
- Key talking points to use with customers during sales conversations and in response to RFPs.
Why it’s helpful
This guide gives colleagues and partners a clear, consistent explanation of how to position Sage CRM when customers ask about security certifications. It ensures that you can:
- Set the right expectations for on-premises and customer-hosted CRM deployments.
- Confidently highlight the certification coverage for cloud-native Sage products.
- Address integration scenarios where Sage CRM works alongside Sage accounting products, clarifying where compliance responsibilities lie.
Next steps
Download and familiarise yourself with the guide so you can use it in conversations with customers and prospects. Having a consistent, well-structured explanation strengthens trust and reinforces the value of Sage CRM as part of Sage’s broader product ecosystem.

