Flexera Trust Center
© 2026 Flexera. All Rights Reserved.

Security Organization


Last Updated: 2026-05-28

Information security is embedded into Flexera’s organizational structure and governance model.

See Organizational Controls for information about our organizational controls and compliance programs.

Executive management plays a critical role in overseeing the organization's security risks and ensuring compliance with relevant regulations and standards. This high-level oversight ensures that security remains a strategic priority across all business operations.

The security function within the company is led by the Chief Information Security Officer (CISO), who is responsible for guiding the overall security strategy. The CISO leads a dedicated security team that manages all aspects of corporate security, security engineering, and security compliance. This structure ensures that security initiatives are effectively coordinated and integrated within the organization's governance model.


The Information Security Team is responsible for all aspects of corporate and infrastructure security, including asset management, capacity management, access management, network security, logging and monitoring, vulnerability management, backups, and business continuity/disaster recovery.


Security Engineering is responsible for ensuring that production systems are governed by appropriate policy and processes, that security is implemented in the development lifecycle, and that secure practices are followed in coding, testing, delivery, and operations.


The Security Governance, Risk and Compliance Team is responsible for the maintenance of the security policies, for third-party security risk assessments, and for maintaining Flexera security certifications.


The Product Security Team is responsible for all aspects of product and production security.


ISO Compliance as a Baseline

ISO 27001:2022 is an international standard that provides a framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). The standard is organized into several sections that cover various aspects of information security management.

There is a purposeful correlation between Flexera's Organizational Controls and ISO 27001:2022 sections 5, 6, and 7.

The Corporate and Production controls are more closely aligned with ISO 27001:2022 sections 8 and 9. ISO sections 4 and 10 are reflected in all areas and are primarily documented in our ISMS Manual.

Other Security Frameworks

Where possible, Flexera's ISO program controls are specified to directly overlap with and meet the needs of as many certifications as possible, minimizing the need for additional overlays, controls, and processes. This approach allows us to maintain an efficient compliance program while supporting multiple certifications. As such, the ISO controls we operate may be stronger than those of organizations that are not "ISO first" in their approach to compliance, and can be sufficient to meet the requirements of other frameworks without the need for additional controls.

Flexera maintains overlays, as necessary, for security frameworks that have special applicability, such as IRAP and FedRAMP. These overlays specify the additional controls and processes required to meet the specific requirements of specialized frameworks that are not appropriate for every customer or product, while leveraging the foundational controls established through our ISO 27001:2022 compliance.