IBI does not currently provide SOC 2 reports specific to WebFOCUS. SOC 2 reports typically assess the controls relevant to security, availability, processing integrity, confidentiality, and privacy of a service organization's systems. For customers utilizing WebFOCUS in on-premises environments, conducting local audits of applications and infrastructure is recommended to ensure compliance and security alignment with organizational standards.

Internally, IBI actively scans WebFOCUS software for known vulnerabilities and addresses any identified issues promptly. However, the results of these scans are not publicly disclosed.

To support security best practices, IBI offers the following resources:

• General Security Manual: Provides comprehensive guidelines for administering security measures within WebFOCUS environments.

  • https://docs.tibco.com/pub/wf-wf/9.2.1/doc/pdf/IBI_wf-wf_9.2.1_security_administration.pdf?id=11

• Best Practice Guide: Offers recommendations for securing applications and environments using WebFOCUS.

  • https://docs.tibco.com/pub/wf-wf/9.2.1/doc/pdf/IBI_wf-wf_9.2.1_security_bestpractice.pdf?id=12

If you conduct internal scans and discover potential vulnerabilities, please submit a scan report through a support case. Our team will evaluate the findings and provide guidance on appropriate next steps. For vulnerabilities associated with known Common Vulnerabilities and Exposures (CVEs), please include the CVE number for reference.

If you suspect a vulnerability in WebFOCUS, please provide detailed steps to reproduce the exposure to expedite investigation and resolution.

While SOC 2 reports specific to WebFOCUS are not currently available, customers are encouraged to utilize the provided security resources and engage in local audits to ensure the security and compliance of their WebFOCUS deployments. Regular monitoring, proactive scanning, and adherence to best practices outlined in our security documentation are crucial steps in maintaining a secure environment.

This approach ensures that WebFOCUS environments align with industry standards and organizational security requirements, enhancing overall security posture and mitigating potential risks.