Simple. Serverless. Secure. uniFLOW Online
Cloud-based Secure Printing, Scanning and Accounting uniFLOW Online
Secure Cloud Printing and Scanning for Business uniFLOW Online
Control Access. Control Cost. uniFLOW Online Express

Compliance and certification

NT-ware as well as the Microsoft Azure platform comply with many industry standards and regulations to help keep your data safe. NT-ware’s commitment to learning and certification help us get the most out of the powerful platform.

Employee certification and education

Canon INC and NT-ware - as part of the Canon Group - are members of the global Microsoft Enterprise Skills Initiative (ESI). NT-ware employees have free access to the Microsoft learning platform (Learner Experience Portal) and Microsoft-delivered, instructor-led, advanced role-based training to develop skills and retrieve Microsoft Azure and Microsoft security related certifications for different certification levels from fundamental to expert level. NT-ware employees benefit individually from certification by gaining international recognition as experts in Microsoft Azure and enhancing their professional credentials.

In addition to the Microsoft Enterprise Skills Initiative employees can take part in Microsoft Cloud Skills Challenges to extend their knowledge and skills on various Microsoft Azure topics.

NT-ware also offers learning and skills development into every employee’s personal improvement plan utilizing systems such as Pluralsight and other industry-related education platforms and certifications. These qualifications help NT-ware employees to stay current with cloud technologies, secure development and IT security.

Microsoft compliance

uniFLOW Online is a 100% SaaS platform built on Microsoft Azure. The Microsoft Azure data centers hosting uniFLOW Online meet a broad set of international as well as regional and industry-specific compliance standards e.g. ISO 27001, ISO/IEC 27018, EU Model Clauses, MTCS, FedRAMP, SOC 1 and SOC 2. Compliance to these standards is verified by third party audits and the results are available on the Microsoft Azure website. Please review the links below for Microsoft’s complete compliance offering.

Microsoft Azure compliance offerings

Compliance in the trusted cloud

NT-ware compliance

NT-ware Systemprogrammierungs-GmbH is certified according to the international standards ISO/IEC 27001:2022 & ISO/IEC 27017:2015. By attaining ISO 27001 & ISO 27017, NT-ware can confirm its security processes have been third-party certified to internationally recognized standards. These standards demonstrate NT-ware’s commitment to information security within the company and our online service offering:

ISO/IEC 27001:2022

  • Security – reviewing and enforcing industry standards
  • Confidentiality – ensuring that information is accessible only to those authorized to have access
  • Integrity – safeguarding the accuracy and completeness of information and processing methods
  • Availability – ensuring that authorized users have access to information when needed

ISO/IEC 27017:2015

  • Administration – operations and procedures associated with the cloud environment
  • Responsibility – NT-ware as a cloud service provider and customer of cloud services
  • Security and Privacy – handling of data, assets and the management of cloud resources

Please find the online certificates and the scope of our ISO/IEC 27001:2022 & ISO/IEC 27017:2015 certifications in the BSI client directory.


SOC 2 is a widely recognized standard for service organizations, particularly those operating in the cloud, to ensure they effectively manage and protect customer data. At NT-ware, we adhere to these standards to uphold our commitment to security and data protection. The SOC 2 Type 1 report evaluates the design and implementation of these controls at a specific point in time. The report is issued in accordance with the standards established by the American Institute of Certified Public Accountants (AICPA).

The SOC 2 Type 1 report for NT-ware Systemprogrammierungs-GmbH was conducted by an independent external auditor and assesses compliance with the Trust Services Criteria, a set of standards covering all five domains.

  • Security – ensuring that systems and data are protected from unauthorized access and breaches
  • Availability – confirming that systems and services are consistently accessible and operational when needed
  • Processing Integrity – verifying that data processing is complete, reliable and accurate
  • Confidentiality – protecting sensitive information from unauthorized disclosure
  • Privacy – managing and safeguarding personal data in compliance with relevant privacy laws and regulations

Our full SOC 2 Type 1 report can be requested through Canon and Canon business partners via the NT-ware Customer Portal and is provided under a non-disclosure agreement (NDA).


The international standard ISO 14001 defines requirements for an environmental management system and guides an organization on how it can improve its environmental performance, meet legal and other obligations and achieve environmental goals. NT-ware, as part of the Canon Group, has been assessed and certified as meeting the requirements of ISO 14001:2015.


NT-ware ensures that our business practices and any product features follow strict guidelines under the General Data Protection Regulations (GDPR). Our GDPR readiness and handling of data subject to this standard is reviewed at least annually.


The Federal Risk and Management Program (FedRAMP) is a cybersecurity risk management program for the purchase and use of cloud products and services. FedRAMP is a certification that helps U.S. government agencies and many public sector companies to identify technology that can support a rapidly evolving work environment while addressing security and control requirements. Canon Office Cloud Print Management Solution has achieved moderate-level FedRAMP authorization. uniFLOW Online is part of the Canon Office Cloud Print Management Solution and FedRAMP compliant for the U.S. deployment only.


What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a mandatory standard followed by card schemes to increase control over cardholder data to reduce the risk of fraud. PCI DSS assessment and certification is important in any form of cyber defense where credit card information is handled.

uniFLOW Online cloud service can be integrated into payment gateways, such as PayPal™, Flywire (WPM), and Quickpay, providing a simple and secure way for users to top up their print and copy accounts budget without processing or storing credit card data. All the credit card gateways supported by uniFLOW Online cloud service offer an integration architecture that uses URL redirect to direct the user to the payment gateway website. Users performing budget top-ups will be redirected to the payment provider site to complete the transaction. The result of the transition is returned only, confirming the payment was successful or rejected

Scope of PCI DSS requirements
PCI DSS requirements apply to the cardholder data environment (CDE), which is comprised of:

  • System components, people, and processes that store, process, and transmit cardholder data and/or sensitive authentication data, and,
  • System components that may not store, process, or transmit CHD Card Holder Date/SAD Sensitive Authentication Data but have unrestricted connectivity to system components that store, process, or transmit CHD/SAD.

PCI DSS requirements also apply to system components, people, and processes that could impact the security of the CDE.

Will uniFLOW Online ever process card data?
No. uniFLOW Online never collects, processes, or stores any card data. Neither credit card data (card numbers, CVNs, expiry dates) nor payment details are ever passed to or held by our solution. All credit card processing and user interaction occur ONLY on the payment provider’s site via URL redirect.

PCI considerations for uniFLOW Online
uniFLOW Online uses the URL redirection method, uniFLOW Online never collects, processes, transmits, or stores CHD / SAD with a payment provider's CDE. uniFLOW Online is hosted by NT-ware, and hence, the environment is NT-ware's responsibility.

  • NT-ware has completed the SAQ A self-assessment for our uniFLOW Online environment; this can be requested via our pre-sales channel and provided under a non-disclosure agreement (NDA).
  • NT-ware adheres to strong coding and development practices; further details can be found here: Security - uniFLOW Online.
  • Independent penetration testing is carried out on our server and cloud product offering. Penetration testing is performed four times a year on new feature released and scheduled components. Penetration testing by customers is encouraged by NT-ware, please check under our Security section for detail.