Security & Compliance

Speak to an Expert

ISO 27001 Certification

SOTI is ISO/IEC 27001 certified since 2018

The independent auditors of KPMG have validated that SOTI adheres to international standards for Information Security Management Systems (ISMS). ISMS is a systematic, documented approach to managing risk and securing sensitive information, that involves all relevant personnel. The scope includes all SOTI ONE products delivered in the cloud (both AWS and Azure). All controls included in ISO/IEC 27002 (Appendix A) are in scope. An ISO 27001 certificate is earned after weeks of independent third-party analysis.


SOTI ISO 27001 Certificate

View Certification

SOC 2 Type II

SOTI SOC 2 Type II Report Available

A SOC 2 Type II audit reports on controls at a service organization relevant to security, availability, processing integrity, confidentiality and privacy. Conducted by independent, BDO Canada auditors, this audit evaluates the design, implementation and effectiveness of the controls in place at SOTI over a period of time.

The audit takes an in-depth, comprehensive approach to collect and evaluate evidence that the controls are effective throughout the audit period. During a SOC 2 audit period, samples of the entire population are randomly selected for inspection. This approach assures you that you are getting a true picture of the organization.

The SOC 2 Type II report meets the needs of a broad range of users, providing detailed information and assurance about SOTI controls. Covering all the controls relevant to the confidentiality, integrity and availability (CIA) of SOTI systems, the report gives customers confidence that SOTI is committed to the security of their data.

A copy of our SOC 2 Type II report is available under NDA, please contact your sales representative.

SOTI Security Policies 

SOTI has policies in place to reduce the risks associated with managing information assets. These policies address the controls in the ISO 27001/27002 standard. Click download below to view our Security Policy Essentials.

View Policy Brief

Cloud Security Alliance’s Consensus Assessment Initiative Questionnaire

The CAIQ is an industry-accepted method of documenting in detail the security controls in place with a cloud service provider. The CAIQ answers 295 of the most common questions that cloud customers may ask to determine if our cloud services are secure

STAR Registry Listing

View Listing

ISO 27001/27002 Benefits

  • Compliance - Adhering to these regulations is the best way to ensure data protection, privacy and effective IT governance. SOTI is continuously audited for compliance.
  • Market Advantage - SOTI sets itself apart from the competition by assuring clients that their sensitive information is safe and secure. Many customers require certification before doing business with SOTI.
  • Reduce Expenses - Lower expenses caused by security incidents, such as service interruptions, data leakage or the harmful actions of individuals (whether accidental or intentional).
  • Orderly Business Growth - SOTI is a growing company. Therefore, it is important to identify who is responsible for: information assets, what are the duties of key people, and who can authorize system access.


In the event of a suspected security incident, please report the incident to the SOTI Safe team by calling this toll-free number +1 888 624 9828, then SAFE (or 7233). Leave a voice message with contact information and incident details. Please provide contact information and incident details. Alternatively, send this information to

Report Incident

Call SOTI Safe Now

GDPR Compliance

SOTI is committed to making sure that its products and services comply with the General Data Protection Regulation (GDPR). The GDPR exists in the European Union (EU) to set a strong standard on data protection and privacy for an individual's personal information within the EU.

SOTI has implemented processes and has provided contractual commitments to ensure that personal information collected, used, or stored, outside of the EU by SOTI (or its service providers and corporate affiliates), is safeguarded and protected.

SOTI respects privacy rights. Remedies are available in the event of a security incident or privacy issue:

  • The GDPR provides rights to individuals in regards to their personal information if they believe their personal data protection rights have been violated.
  • Any questions or concerns regarding SOTI and your privacy rights, please direct privacy issues or concerns to For more privacy information, see SOTI’s Privacy Mission Statement.
  • For the report of any security incidents that do not impact your privacy rights, please submit them to SOTI Safe, as described above.