ISO 27001 Certification
SOTI is ISO/IEC 27001 certified since 2018
The independent auditors of KPMG have validated that SOTI adheres to international standards for Information Security Management Systems (ISMS). ISMS is a systematic, documented approach to managing risk and securing sensitive information, that involves all relevant personnel. The scope includes all SOTI ONE products delivered in the cloud (both AWS and Azure). All controls included in ISO/IEC 27002 (Appendix A) are in scope. An ISO 27001 certificate is earned after weeks of independent third-party analysis.
SOTI ISO 27001 Certificate
View Certification
SOC 2 Type II
SOTI SOC 2 Type II Report Available
Our SOC 2 Type II audit reports on controls at SOTI relevant to the security and availability of corporate systems and the SOTI ONE Platform hosted in the cloud. Conducted by independent auditors, this audit evaluates the design, implementation and effectiveness of the controls in place at SOTI over a period of time.
The audit takes an in-depth, comprehensive approach to collect and evaluate evidence that the controls are effective throughout the audit period. During a SOC 2 audit period, samples of the entire population are randomly selected for inspection. This approach assures you that you are getting a true picture of the organization.
The SOC 2 Type II report meets the needs of a broad range of users, providing detailed information and assurance about SOTI controls. Our report gives customers confidence that SOTI is committed to the security of their data.
A copy of our SOC 2 Type II report is available under NDA, please contact your sales representative.
Cloud Security Alliance’s Consensus Assessment Initiative Questionnaire
The CAIQ is an industry-accepted method of documenting in detail the security controls in place with a cloud service provider. The CAIQ answers 295 of the most common questions that cloud customers may ask to determine if our cloud services are secure
STAR Registry Listing
View Listing
ISO 27001/27002 Benefits
- Compliance - Adhering to these regulations is the best way to ensure data protection, privacy and effective IT governance. SOTI is continuously audited for compliance.
- Market Advantage - SOTI sets itself apart from the competition by assuring clients that their sensitive information is safe and secure. Many customers require certification before doing business with SOTI.
- Reduce Expenses - Lower expenses caused by security incidents, such as service interruptions, data leakage or the harmful actions of individuals (whether accidental or intentional).
- Orderly Business Growth - SOTI is a growing company. Therefore, it is important to identify who is responsible for: information assets, what are the duties of key people, and who can authorize system access.
SOTI Safe
In the event of a suspected security incident, please report the incident to the SOTI Safe team by calling this toll-free number +1 888 624 9828, then SAFE (or 7233). Leave a voice message with contact information and incident details. Please provide contact information and incident details. Alternatively, send this information to security-compliance@soti.net.
Report Incident
Call SOTI Safe Now
GDPR Compliance
SOTI is committed to making sure that its products and services comply with the General Data Protection Regulation (GDPR). The GDPR exists in the European Union (EU) to set a strong standard on data protection and privacy for an individual's personal information within the EU.
SOTI has implemented processes and has provided contractual commitments to ensure that personal information collected, used, or stored, outside of the EU by SOTI (or its service providers and corporate affiliates), is safeguarded and protected.
SOTI respects privacy rights. Remedies are available in the event of a security incident or privacy issue:
- The GDPR provides rights to individuals in regards to their personal information if they believe their personal data protection rights have been violated.
- Any questions or concerns regarding SOTI and your privacy rights, please direct privacy issues or concerns to privacy@soti.net. For more privacy information, see SOTI’s Privacy Mission Statement.
- For the report of any security incidents that do not impact your privacy rights, please submit them to SOTI Safe, as described above.