At UP42, we empower organizations to discover, order, manage, and analyze geospatial data easily. How? Our platform offers a single touchpoint to order optical, SAR, and elevation data, streamlines data management, and empowers imagery processing with built-in analytics. Ever since our company’s founding in 2019, we’ve followed industry best practices to keep your data safe and secure. To further demonstrate our commitment to security and privacy, we’re proud to announce that we are now SOC 2 Type 2 certified. In this blog, you’ll learn more about SOC 2 certification, and the importance of rigorous data security practices at UP42.
Why is data security so important in our industry?
The geospatial industry gathers large volumes of complex information that contain sensitive information about locations, terrain, assets, and infrastructure.
Inaccurate, incomplete, or manipulated data can hinder the extraction of meaningful insights from data and prevent informed decision-making. So compliance with privacy regulations are a must when it comes to protecting location data, ensuring privacy, managing large and diverse datasets, and guarding against unauthorized access or cyber-attacks.
What practices does UP42 follow to keep data secure?
We’ve focused on data protection measures like encryption and access controls from day one. Our customer base includes a diverse range of companies, from startups to large enterprises with strict security requirements. This is why, at the end of 2022, we decided to look for a system that could help us further enhance our security framework and ensure full compliance automation. We partnered with Vanta, one of the most industry-trusted compliance and security platforms in the world. At the end of 2022, UP42 received the SOC 2 Type 1 certification. As of February 2024, following a comprehensive three-month third-party audit, we are officially Type 2 certified.
What is SOC 2 and what is the difference between Type 1 and Type 2 certification?
Developed by the American Institute of CPAs (AICPA), SOC 2 defines privacy and security criteria for managing customer data in a service organization. SOC 2 provides detailed information and assurance by examining main data management aspects such as security, availability, processing integrity, confidentiality, and privacy.
For example, security refers to protection against unauthorized access such as theft or alteration of data. Availability means that system, products, or services are accessible for operation and use as per contract or service level agreement (SLA). Whereas confidentiality ensures that confidential information is protected and access is restricted to a given number of people in the organization. This could be, for example, pricing, discounts, personal information, IP, and more.
A SOC 2 Type 1 audit assesses a company’s cybersecurity controls at a single point in time. It will assess that a company has the systems and tools in place to protect customer data. However, it will not assess how effective they are. The audit is less time-intensive than a SOC 2 Type 2 audit.
With SOC 2 Type 2, the auditors will test how effective those processes, systems, and tools are over a couple of months. The assessment is much more comprehensive and demonstrates the reliability of a company’s systems. You can find more information on the different certifications here.
Vanta was the right partner for UP42 because they seamlessly connect to our systems. For example, Vanta connects to our HR system and pulls employee information about current and new employees, or employees that need to be off-boarded from all systems. Vanta also connects to our identity management system, Google, and other tools, following the entire trail of employee accounts. Vanta and the SOC 2 certifications are not specific to the geospatial industry; they can help a range of organizations manage and secure customer data and ensure the tools and systems are in place in case of attacks or disaster recovery.
What does this mean for me and where can I find more information?
With the SOC 2 certification, you can trust that your geospatial data is handled securely and in compliance with recognized standards, reducing risks associated with data breaches or misuse. So you can confidently utilize geospatial data for your use case, without compromising on privacy and security.
Go to trust.up42.com to learn about every initiative UP42 has taken to keep your data safe and secure: infrastructure security, organizational security, product security, data and privacy, as well as internal security procedures. You can also request access to the UP42’s audit reports.
And since keeping your data safe and secure is at the core of our mission, our journey doesn’t stop here. We’ll continue to stay on top of the latest security trends and potential vulnerabilities in our industry so you can focus on safely using geospatial data in your organization.
If you have questions, please reach out to us at any time. We'd be glad to help or just have a short check-in.