
Security & Compliance


ISO 27001 Certification

SOTI has been ISO/IEC 27001 certified since 2018

Independent third-party auditors have validated that SOTI adheres to the international standard for Information Security Management Systems (ISMS). An ISMS is a systematic, documented approach to managing risk and securing sensitive information, and it involves all relevant personnel. The certification scope covers all SOTI ONE products delivered in the cloud (both AWS and Azure), and all controls in ISO/IEC 27001 Annex A (the control set detailed in ISO/IEC 27002) are in scope. An ISO 27001 certificate is earned only after multiple weeks of independent third-party analysis, and it is maintained through recurring surveillance audits.

ISO 27001/27002 Benefits

  • Compliance - Adhering to these standards gives SOTI a structured, auditable way to protect data, preserve privacy and govern IT effectively. SOTI is audited for compliance on a continuing basis.
  • Market Advantage - SOTI sets itself apart from the competition by assuring clients that their sensitive information is protected. Many customers require certification before doing business with SOTI.
  • Reduced Expenses - SOTI can reduce the costs caused by security incidents, such as service interruptions, data leakage or the harmful actions of individuals (whether accidental or intentional).
  • Orderly Business Growth - SOTI is a growing company, so it is important to define ownership of information assets, the roles and responsibilities of key people, and who authorizes system access.

SOC 2 Type II

SOTI SOC 2 Type II Report Available

Our SOC 2 Type II audit reports on controls at SOTI relevant to the security and availability of corporate systems and the SOTI ONE Platform hosted in the cloud. Conducted by independent auditors, the audit evaluates the design, implementation and operating effectiveness of SOTI's controls over a defined period of time.

The audit takes an in-depth, comprehensive approach to collecting and evaluating evidence that the controls operated effectively throughout the audit period. During a SOC 2 audit period, samples are randomly selected from the entire population of relevant records for inspection, rather than being chosen by SOTI. This approach assures customers that they are getting a true picture of the organization.

The SOC 2 Type II report meets the needs of a broad range of users, providing detailed information and assurance about SOTI controls. Our report gives customers confidence that SOTI is committed to the security of their data.

A copy of our SOC 2 Type II report is available under NDA. Please contact your sales representative to request a copy.


Cloud Security Alliance’s Consensus Assessment Initiative Questionnaire

The CAIQ is an industry-accepted method of documenting in detail the security controls in place at a cloud service provider. The CAIQ answers 295 of the most common questions that cloud customers may ask to determine whether our cloud services are secure.

STAR Registry Listing

SOTI's completed CAIQ is published in the Cloud Security Alliance STAR Registry.

Spain ENS

The Esquema Nacional de Seguridad (ENS), or National Security Framework, is a Spanish government-mandated cybersecurity standard. Under Royal Decree 311/2022, the ENS is mandatory for all public administrations in Spain and required for companies providing technology services to them. The ENS sets out a comprehensive framework of technical, organizational and procedural controls designed to ensure the security, integrity and reliability of digital services and information systems used by public sector entities and their technology providers.

GDPR Compliance

SOTI is committed to ensuring that its products and services comply with the General Data Protection Regulation (GDPR). The GDPR is the European Union (EU) regulation that sets a strong standard for the protection and privacy of individuals' personal data within the EU.

SOTI has implemented processes and has provided contractual commitments to ensure that personal information collected, used or stored outside of the EU by SOTI (or its service providers and corporate affiliates) is safeguarded and protected.

SOTI respects privacy rights. Remedies are available in the event of a security incident or privacy issue:

  • The GDPR grants individuals rights with regard to their personal information if they believe their data protection rights have been violated.
  • For any questions or concerns regarding SOTI and your privacy rights, contact privacy@soti.net. For more privacy information, see SOTI's Privacy Mission Statement.
  • To report a security incident that does not affect your privacy rights, use SOTI Safe, as described in the SOTI Safe section below.

NIS2 Directive

The NIS2 Directive (Directive [EU] 2022/2555) is the European Union’s cybersecurity regulation designed to ensure a high, common level of cybersecurity across member states. NIS2 applies to entities across a wide range of sectors deemed essential or important, including energy, transport, banking, healthcare, drinking water, digital infrastructure, postal services, food production, and waste management.

Many of our customers are required to adhere to this directive, and NIS2 requires them to secure their supply chain. SOTI maintains a strong information security and compliance program that can help customers meet their NIS2 supply chain obligations. It includes an Information Security Policy, risk analysis, a business continuity plan, incident response and reporting, supply chain risk management procedures, and vulnerability management procedures. Additionally, the SOTI ONE Platform's EMM capabilities can help organizations in NIS2-covered sectors secure mobile devices and identities in order to meet the requirements of the directive.

PCI-DSS

The Payment Card Industry Data Security Standard (PCI-DSS) is a globally recognized framework designed to protect cardholder data and ensure secure payment processing. Developed by the PCI Security Standards Council, it applies to all entities that store, process, or transmit credit and debit card information.

PCI-DSS is not directly applicable to the SOTI ONE Platform, because the platform does not store, process or transmit payment card information. We do, however, support many businesses' PCI-DSS programs by enabling them to secure the devices in their organizations that process payments.

EU CRA

Enacted in December 2024, the European Union Cyber Resilience Act (EU CRA) aims to improve the security of products with digital elements through measures such as requiring products to be secure by default and requiring security updates to be provided throughout the product lifecycle. The Act also requires manufacturers of hardware and software to report actively exploited vulnerabilities within defined timelines. SOTI is committed to complying with the requirements of the EU CRA that apply to it.

Corporate Social Responsibility

  • Freely Chosen Employment
  • Child Labor Avoidance
  • Fair Wages
  • Discrimination and Harassment
  • Anti-Bribery and Corruption
  • Business Ethics

Cyber Essentials

Cyber Essentials is a UK government-backed certification scheme overseen by the National Cyber Security Centre (NCSC). It helps organizations of all sizes protect themselves against common cyber threats such as malware, phishing and supply chain attacks.

The SOTI ONE Platform can help businesses achieve Cyber Essentials certification by enforcing the scheme's technical controls on managed devices: secure device configuration, firewall settings, user access control, malware protection and security update management.

SOTI Safe

In the event of a suspected security incident, please report it to the SOTI Safe team by calling the toll-free number +1 888 624 9828 and then dialing SAFE (7233). Leave a voice message with your contact information and the incident details. Alternatively, send the same information by email to security@soti.net.