Trust Centre
At Softcat, trust is at the heart of everything we do. Our customers, partners, and stakeholders rely on us to protect their data, operate ethically, and uphold the highest standards of security and compliance. We take that responsibility seriously.
We are committed to robust cybersecurity, ethical business practices, and transparent governance. Our Trust Centre provides access to key documentation and certifications that demonstrate our dedication to these principles.
Want to be part of our journey?
React2Shell Vulnerability Statement
Softcat are closely monitoring the React2Shell vulnerability impacting applications built using React. We can confirm that Softcat has not been impacted by this and in addition, we have undertaken an internal exercise to identify any instances of React software within our estate and ensure they were updated to the latest secure versions.
As a technology reseller, Softcat offers customers a route to procure products and services from third party vendors, whom may use React in their operations. Customers should monitor for notifications from these vendors directly. Should assistance contacting vendors be required you can contact your account manager for support.
Salesloft Drift Statement.
Softcat are closely following the incident impacting Salesforce customers utilising Salesloft Drift. We can confirm that Softcat does not utilise Salesforce in our own operations and are not aware of any impact to us or customers of our own managed service offerings at this time.
As an IT reseller, Softcat provides a route for customers to procure products and services from thousands of vendors, many of whom will utilise Salesforce in their operations. Impacted vendors, such as Cloudflare, Palo Alto and Zscaler are notifying customers directly. If you require any assistance contacting vendors in relation to services procured through Softcat, please contact your account manager for support.
Oracle Fusion
Softcat is aware of and is closely following the news and commentary associated with the suspected Oracle data breach. We are also aware that our domain appears in the CloudSek search tool, which lists the domains the threat actor has claimed are affected by this incident.
Softcat does not use Oracle Cloud or Fusion applications; however, we do utilise Netsuite as our ERP. Our user access to this is secured by SSO with conditional access policies that should mitigate any risk to user accounts. Although Oracle has not yet issued any guidance on suggested mitigation, we have rotated credentials on local accounts that include our non-human identities stored within the platform.
At present, we are not aware of any impact to Softcat or our customers arising from this event. We will continue to closely monitor this situation and will notify our customers if this changes.
