3DEXPERIENCE Trust Center

3DEXPERIENCE platform Cloud SLA

Security Details

FASQ – Frequently Asked Security Questions

Your Questions

3
•

•
•

•
•
 3DEXPERIENCE Platform Cloud – SLA
© Dassault Systèmes | Confidential Information | 10/26/2023 | ref.: 3DEXPERIENCE on Cloud Overview - r2020x - v1.06 - Internal Use Only.pptx

Contractual view
SLA : Service Level Agreement : https://www.3ds.com/terms/sla
 Always ON : 24/7 - Service continuity is a priority

Monthly Availability 99.5% (SLA = accessibility to the platform)

Backups Minimum 1 backup per 24 hours

Upgrade/Update upon 3DS planning GA or FD : Every 8 to 10 weeks

4 hours (usually Saturday between 3AM to 7AM Paris Time)

Max. Downtime during Updates Confirmed at least 20 days in advance.
Fixing Continuous Servers hot fixing and proposed rich client HF

 Disaster recovery ready

 Recovery Time Objective (RTO) = 24 hours
 Recovery Point Objective (RPO) = 24 hours

9
 3DEXPERIENCE on Cloud : Responsibilities
© Dassault Systèmes | Confidential Information | 10/26/2023 | ref.: 3DEXPERIENCE on Cloud Overview - r2020x - v1.06 - Internal Use Only.pptx

3DEXPERIENCE Platform SaaS

3DEXPERIENCE Platform PaaS

IaaS

Physical Resources

Datacenter (building, electricity, cooling,

physical room security)

10
 © Dassault Systèmes | Confidential Information | 30/06/2021 | ref.: 3DS_Document_2021
© Dassault Systèmes | Confidential Information | 10/26/2023 | ref.: 3DEXPERIENCE on Cloud Overview - r2020x - v1.06 - Internal Use Only.pptx

11
11
3DEXPERIENCE ON THE CLOUD
 DISASTER RECOVERY PLAN (DRP)
© Dassault Systèmes | Confidential Information | 10/26/2023 | ref.: 3DEXPERIENCE on Cloud Overview - r2020x - v1.06 - Internal Use Only.pptx

How to manage a critical disaster on a datacenter?

 Automated process is accompanied by supervision mechanisms allowing verification of the success of the backups
© Dassault Systèmes | Confidential Information | 10/26/2023 | ref.: 3DS_Document_2021

 Availability Zones (AZ) with separate power supplies and networks, within separate physical data center locations
 DRP mechanisms are regularly tested in pre-production and in production
 Crisis Management Process / High Management Attention

PRODUCTION Site
Active

Replication Active-Passive Mode

xx kms

Internet
Customer user Passive
3DEXPERIENCE platform SaaS
DRP Site
12
12
 ISO 9001:2015 - Dassault Systèmes is 3DEXPERIENCE on the cloud is certified
© Dassault Systèmes | Confidential Information | 30/06/2021 | ref.: 3DS_Document_2021

certified on Quality Management System ISO 27001:2017

ISO 27001:2017 (Information Security Management)

ISO 9001:2015 Certificate Scope:
Design, development, delivery,
ISO 27701:2019 (Security techniques — Extension to
deployment, cloud operations, and support
ISO/IEC 27001)
of software

ISO 27001:2013 - 3DS IaaS Providers are certified on

Information Security Management System

+ ISO 27017:2015 (information security controls applicable to the provision and use of cloud
services)
+ ISO 27018:2014 (objectives, controls and guidelines for implementing measures to protect
Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC
29100 for the public cloud computing environment)
+ ISO 27701:2019 (Security techniques — Extension to ISO/IEC 27001)
13
https://www.3ds.com/trust/3dexperience-trust-center
 A service is a functional domain operated automatically as an autonomous unit in a distributed architecture

Encryption SECURE COMMUNICATION

- Data in transit is secured using an end-to-
© Dassault Systèmes | Confidential Information | 30/06/2021 | ref.: 3DS_Document_2021

end HTTPS/TLS 1.2 encryption algorithm

- Encryption at Storage level (Encryption
type: XTS-AES 256-bit) * 3DLean 1.1 Service N 2.1 3DSpace 2.1
Functions Functions 1.0 Functions
Load-balancing proxy Service N 2.2
High-availability, high-performance service
with DDoS ** and WAF attack prevention Functions 1.0
and blacklisting mechanisms.

Vulnerability detection Security Security 1.0 Security

Multi-layer vulnerability management
system, including a Gartner-leading Supervision Supervision Supervision
scanning tool, protect applications, Security 1.1
middleware, network and operating systems. Operations Operations Operations
Supervision
Malware Protection
Anti-Malware and EDR ( Endpoint Detection Operations
and Response)
Legend Functions 3DSpace 2.1
Facet Load Balancing
* Available on EMEA + US EAST data centers

14 ** In computing, a Denial-Of-Service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network
resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network
 R2021x GA R2022x GA
© Dassault Systèmes | Confidential Information | 10/26/2023 | ref.: 3DS_Document_2021

Security Patch management

and Vulnerability fix
- Post in Community (example)
- Knowledge base (example)
R2021x FD07 HF7.10
R2021x FD07 + HF7.14

Release Lifecycle
- Major upgrades: 1 GA & ~5 FDs / year R2021x FD07 HF7.1 R2022x GA

- ~10 weeks between each upgrade

15
 © Dassault Systèmes | Confidential Information | 30/06/2021 | ref.: 3DS_Document_2021

16
Is the 3DEXPERIENCE public cloud
platform secure?
Yes, see the Trust Center for details
Can a customer control what servers their data
is stored on when using the 3DEXPERIENCE
public cloud platform?
Yes
Does that mean that the public cloud can meet
geographical requirements like ITAR?

No
Does Dassault Systèmes have access to the
customer’s data on the cloud?

No, see SLA for details

Can you provide SOC 2 reports for my client?

No, not at this time

 Can you help me fill out a Security
Questionnaire for my prospect/customer?

Yes, with your help and participation