Accruent's Security Addendum
This Security Addendum (“Addendum”) is entered into by and between Accruent and its applicable client (on behalf of itself and its Affiliates, “Client”) and is incorporated by reference into, and forms a part of, the governing terms and conditions or other written or electronic agreement between Accruent and Client (the “Agreement”) for the provision of Accruent’s Services (as defined in the Agreement) to reflect the parties’ agreement regarding information security. Except as expressly set forth in this Addendum, the Agreement remains unchanged and in full force and effect. In the event of a conflict between this Addendum and the Agreement, this Addendum will govern. Terms used but not defined herein shall have their respective meanings as set forth in the Agreement.
1. SECURITY
Accruent shall use reasonable methods and safeguards designed to protect the Client Data, including from any unauthorized collection, access, use, storage, disposal, and disclosure by its employees, agents, or subcontractors. To fulfill its obligations under this Section, Accruent shall have in place, at a minimum, physical, technical, administrative, and organizational safeguards that provide for and are designed to ensure: (a) protection of business facilities, computing equipment, equipment with information storage capability, and backup systems containing Client Data; (b) network, application (including database) and platform security; (c) business systems that are designed to optimize security and proper disposal of Client Data according to the terms of this Addendum and the Agreement; (d) secure transmission and storage of Client Data (including encryption that meets or exceeds current industry standards, as detailed in Section 6.2 below); (e) authentication and access control mechanisms over Client Data, operating systems and equipment; (f) personnel security, including background checks consistent with applicable law; (g) annual training for Accruent’s employees on physical, technical, and administrative information security safeguards and confidentiality; (h) that Client Data is stored in data centers that have industry-standard security controls; and (i) restrictions to ensure that Client Data files are not placed on any notebook hard drive or removable media, such as compact discs or flash drives, unless encrypted.
2. DATA BREACH
2.1 In the event Accruent experiences a Data Breach, Accruent will notify Client of the Data Breach as soon as practicable, but in no case later than seventy-two (72) hours after the event, with relevant information including the nature of the Data Breach, the nature of the Client Data affected, the categories and number of users concerned, the number of Client Data records concerned, and the measures taken to address the Data Breach. “Data Breach” means any improper, unauthorized or unlawful access to, use of, or disclosure of data subject personal information directly caused by Accruent’s breach of this Addendum.
2.2 Accruent shall take prompt steps to remedy the Data Breach where reasonably practicable in accordance with Applicable Law. Client is solely responsible for determining whether to notify the relevant supervisory or regulatory authorities in relation to any Data Breach.
3. VULNERABILITY MANAGEMENT
3.1 Accruent shall maintain policies designed to ensure that Accruent assets, systems and software used to store, process, transmit or maintain Client Data are protected from known or reported vulnerabilities that expose their functionality or security to external threats, by installing applicable and necessary security patches within a reasonable timeframe. Accruent will provide application penetration test executive summary reports upon written request.
3.2 Accruent shall evaluate security alerts, advisories, and directives from relevant external sources to determine: (a) exposure to such vulnerabilities, and (b) appropriate measures to address the associated risk.
4. DISASTER RECOVERY
4.1 Accruent shall maintain a documented and appropriate disaster recovery policy designed to enable it to continue or resume providing Services in a timely manner after a disruptive event (“Disaster Recovery Plan”). In the event a disaster is declared, Accruent will initiate the Disaster Recovery Plan and shall use commercially reasonable efforts to resume access to Client’s Services at Accruent’s back-up data center facility in accordance with Accruent’s recovery time objectives.
4.2 Accruent shall annually test and monitor the effectiveness of its Disaster Recovery Plan, including its safeguards, controls, systems, and procedures, and shall evaluate and modify the Disaster Recovery Plan as needed to address newly identified internal and external risks to the security, confidentiality, and integrity of the Client Data.
5. RECORDS, INFORMATION AND AUDIT
5.1 Client may, no more than once annually and with thirty (30) days’ advance written notice, request a SOC 1 or SOC 2 report, or a bridge letter, by contacting audit.compliance@accruent.com. Client must include information on the Accruent product(s), the type of audit report requested, and contact information in the request.
5.2 Client may, no more than once annually and with thirty (30) days’ advance written notice, submit an industry-standard security questionnaire for Accruent to complete.
6. DATA LOCATION AND ENCRYPTION
6.1 Accruent will work with reputable hosting providers for its SaaS Services that have industry-standard security precautions for the type of information maintained, which shall include, but not be limited to, procedures and measures designed to prevent unauthorized access to the SaaS Services and unauthorized use and/or modification of Client Data.
6.2 Client Data may be encrypted at rest, in transit, or both, in accordance with the table below.
7. REGULATORY COMPLIANCE
7.1 DORA. If Client qualifies as a “financial entity” under Regulation (EU) 2022/2554, the Digital Operational Resilience Act (“DORA”), then to the extent required under Applicable Law, this Section 7.1 shall apply. The supplemental terms below are in addition to those otherwise set forth in this Addendum and the Agreement, for the purpose of enabling Client to meet its regulatory obligations under DORA in connection with Accruent’s provision of the Services.
7.1.1 Key Contractual Provisions.
a. Service Description. The scope of the Services is described in the Agreement and/or Order Document governing Client’s use of Accruent’s Services.
b. Location. For SaaS Services, Client Data storage and processing locations are specified at https://www.accruent.com/subprocessor-list. Data storage and processing locations may be added or changed in connection with the Services if Accruent engages a new subprocessor, in which case Client will be informed in line with the process agreed under the applicable Data Processing Addendum (“DPA”).
c. Data Protection. Accruent’s obligations with regard to the availability, authenticity, integrity, and confidentiality in relation to the protection of data, including Personal Data, are set forth in the applicable DPA and Agreement. A list of Accruent’s certifications is available at: https://www.accruent.com/security-compliance-certifications; detailed information including access to the certifications and reports can be provided upon Client’s request.
d. Access, recovery and return of Client Data. Accruent shall, within a reasonable period of time following receipt of Client’s written request received within thirty (30) days following the termination events defined in DORA, make Client Data, including Personal Data, available to Client in a format mutually acceptable to the parties.
e. Service Level Descriptions. Accruent’s support policy and service level descriptions, including updates and revisions thereof, are defined in the applicable Agreement and/or Order Document, also available at: https://www.accruent.com/services-support/customer-support.
f. Incident Assistance. Accruent shall provide reasonable assistance to Client regarding incidents that have negative impact on the continuity or security of the Services in accordance with the incident support or reporting procedures in the Agreement and/or DPA.
g. Cooperation. To the extent required under Applicable Law, Accruent shall cooperate in good faith with the competent authority, including with persons appointed by the competent authority, for requested information regarding the Services provided to Client, so long as Client does not otherwise have access to the relevant information.
h. Termination. In addition to the termination rights provided in the Agreement, Client may terminate the Agreement, in whole or in part, in the event of:
i. A formal instruction from the competent authority;
ii. Accruent’s significant breach of Applicable Law or the Agreement that Client reasonably believes is not remediable;
iii. Material changes affecting the Agreement or the situation of Accruent, or circumstances indisputably deemed capable of altering the performance of the Services;
iv. Undisputed, evidenced weaknesses pertaining to Accruent’s overall risk management, security, information, and data that are not promptly remediated;
v. The competent authority can no longer effectively supervise the Client as a result of the conditions of, or circumstances related to, the Agreement.
Provided, however, that Client must provide Accruent with written notice describing the nature and basis of the breach, and Accruent has failed to cure the breach within thirty (30) days after receipt of Client’s notice of breach.
i. Accruent Security Awareness Training. Accruent’s employees are subject to annual security awareness training on physical, technical, and administrative information security safeguards and confidentiality.
7.1.2 Confidentiality. Any audit reports, documentation, or other information relating thereto shall be deemed Accruent’s Confidential Information and protected in accordance with the confidentiality terms set forth in the Agreement. Client may disclose such information only to its competent authority or its appointed auditor or consultant, provided such disclosure is made on a strict need-to-know basis and subject to confidentiality obligations no less protective than those set in the Agreement. Except as permitted in the foregoing or as otherwise required by Applicable Law, Client shall not disclose any such information to third parties without Accruent’s prior written consent.