Tecsys named a challenger in the 2026 Gartner® Magic Quadrant™ for warehouse management systems

Access report

Security and confidence

Security built into the Tecsys Elite™ platform.

Tecsys cloud-based solutions are designed with security, privacy and resilience as core requirements - not add-ons. We help organizations run supply chains they can rely on in critical moments by combining operational reliability with robust security architecture and controls, ensuring products move safely, accurately and with confidence in regulated environments.

Our approach is simple

warehouse icon

Protect customer data through rigorous technical and operational controls

growth icon

Validate our controls through independent third-party audits

update icon

Provide transparency on how we secure, process and manage data

cloud icon

Support regulated and governmental environments with clearly defined safety limits

This page describes how Tecsys protects your systems, data and operations.

Security and confidence

May 27, 2026

 

Security built into the Tecsys Elite™ platform.

Tecsys cloud-based solutions are designed with security, privacy and resilience as core requirements - not add-ons. We help organizations run supply chains they can rely on in critical moments by combining operational reliability with robust security architecture and controls, ensuring that products move safely, accurately and with confidence in regulated environments.

Our approach is simple:

  • Protect customer data through robust technical and operational controls
  • Validate our controls through independent third-party audits
  • Ensure transparency on how we secure, process and manage data.
  • Support regulated and governmental environments with clearly defined security limits.

This page describes how Tecsys protects your systems, data and operations.

Compliance and certifications

Tecsys maintains independent certifications and audit reports to validate our security controls and operational processes.

Independent audits and certifications include

  • SOC 2 Type II (security, availability and confidentiality)
  • ISO 27001 (information security management)
  • Additional environmental certifications and attestations

Each certification is independently audited and reassessed according to a defined schedule.
For security review teams, the following documentation is available under confidentiality agreement

  • SOC 2 report
  • ISO certificate
  • Penetration test summary
  • Data Processing Agreement (DPA)
  • Disaster recovery overview

Request documentation →

 

 

Government and regulated environments

Tecsys supports healthcare providers, distributors and public sector organizations that operate under strict regulatory requirements.

Where appropriate, Tecsys maintains clearly defined environments for government or regulated customers. These environments may include

  • Hosting in approved cloud regions
  • Logical and operational separation from commercial SaaS environments
  • Alignment with NIST security frameworks
  • defined authorization limits and baselines of control

If operating in a FedRAMP-authorized or FedRAMP-aligned environment, Tecsys will clearly state:

  • Authorization level
  • Products and services covered
  • Hosting provider and region
  • Security control base

We provide full transparency on what is and isn't covered.

For government-specific documentation, please contact our security team.

 

 

Data protection and privacy

Customer data belongs to the customer. Tecsys processes the data solely for the purpose of providing the contractual services.

Ownership and use of data

  • Customers retain ownership of their data
  • Data is used only to provide and support the Tecsys service.
  • Tecsys does not sell customer data.

Data encryption and security

  • Encryption in transit using industry standard TLS
  • Encryption at rest within the approved cloud infrastructure
  • Logical tenant isolation across the entire platform

Data retention and deletion

  • Contractually defined data retention policies
  • Secure deletion procedures when data is no longer required
  • Defined abandonment procedures

Respect for privacy

Tecsys supports compliance with :

  • GDPR
  • CCPA and applicable U.S. privacy laws
  • Industry-specific healthcare requirements, where applicable, including HIPAA and SOC2.

A Data Processing Agreement (DPA) is available upon request.

Subcontractors

Tecsys maintains a list of subcontractors used to provide services. Customers are informed of important changes in accordance with the contractual conditions.

See the list of subcontractors →

 

 

Privacy and responsible artificial intelligence

Tecsys integrates AI capabilities directly into supply chain workflows. These capabilities are governed by strict controls on privacy and data use.

Customer data and model formation

  • Customer data is not used to form base models, unless explicitly agreed in writing.
  • Customer data is not shared with third-party model providers for model curation or enhancement purposes.
  • AI functions operate within the limits defined by the tenant.

Data processing in AI workflows

  • Prompts and results are logged in accordance with our security policy.
  • Access to logs is restricted and verified
  • Administrative access is controlled and monitored.

Governance and monitoring

  • AI functions undergo a structured security and privacy review before release.
  • Bias and performance tests are carried out where appropriate.
  • Modifications to AI functionality are subject to formal change management processes.

Transparency

Where AI functionality uses subcontractors, these are listed in the subcontractor register.

 Our aim is simple: to deliver measurable value through AI while maintaining strict control over customer data.

 

 

Platform security architecture

Security controls are integrated throughout the Tecsys platform.

Identity and access management

  • Role-based access control (RBAC)
  • SAML and OIDC-based single sign-on support
  • Support for multi-factor authentication

Network and infrastructure security

  • Segmented cloud environments
  • Firewall and network isolation
  • Enhanced production infrastructure

Secure development cycle

  • Secure Software Development Life Cycle (SSDLC)
  • Automated code review and security testing
  • Vulnerability scanning integrated into CI/CD pipelines
  • Regular third-party penetration testing

Vulnerability and patch management

  • Continuous vulnerability monitoring
  • Remediation times defined according to severity of problems
  • Risk-based patch management

 

 

Operational resilience and continuity

Tecsys designs solutions to ensure availability and continuity in environments where downtime is unacceptable.

High availability

  • Redundant infrastructure
  • Multi-zone cloud deployment
  • Defined uptime targets

Disaster recovery

  • Documented disaster recovery plan
  • Recovery time objective (RTO)
  • Recovery point objective (RPO)
  • Regular recovery tests

Business continuity

  • Formal business continuity plan
  • Periodic testing and review
  • Escalation and response manuals

 

 

Incident monitoring and response

Tecsys actively monitors operational security.

Continuous monitoring

  • 24/7 monitoring of production systems
  • Centralized logging and audit trails
  • Abnormal activity alert

Incident response

  • Documented incident response process
  • Severity levels and escalation paths defined
  • Customer notification procedures aligned with contractual requirements
  • Post-incident review and corrective action follow-up

 

Supplier and third-party risk management

Tecsys evaluates third-party suppliers who support platform delivery.

  • Formal supplier risk assessment program
  • Safety and compliance requirements integrated into contracts
  • Periodic reassessment of critical suppliers
  • Security alignment of cloud suppliers

Third-party suppliers are assessed against security, confidentiality and operational risk criteria before being engaged.

 

 

Transparency and access to documents

Tecsys supports structured corporate security review processes.

Available documentation includes

  • SOC reports
  • ISO certifications
  • Penetration test summaries
  • Security white papers
  • DPA and security-related contractual documents

Request security documentation → security@tecsys.com
Contact the security team → security@tecsys.com

 

 

Shared responsibility model

Security in cloud environments is a shared responsibility.

Tecsys is responsible for :

  • Platform security
  • Infrastructure protection
  • Application security controls
  • Operational monitoring

Customers are responsible for :

  • User access governance
  • Configuration management
  • Access point security
  • Application of internal policies

We provide advice and best practices to help customers configure the platform securely.

 

 

Versioning and governance

This Security & Trust Center is reviewed and updated regularly to reflect current certifications, controls and operational practices.