AutoPRO is SOC 2 Type 2 Compliant.

The independent audit, conducted by EcommSecurity, certifies that AutoPRO’s systems and processes meet the American Institute of Certified Public Accountants (AICPA) Trust Service Principles and Criteria. The SOC 2 Type 2 report documents AutoPRO’s services and risk management controls put in place to address common security risks defined by the AICPA and verifies compliance and operational effectiveness, outlining critical security policies, procedures, and safeguards necessary to protect and secure client data.

Security

Protecting the system against unauthorized access, be it physical or logical

Availability

Making the system available for use as agreed upon in contracts with customers

Processing Integrity

Ensuring the complete and timely processing of information

Confidentiality

Protecting any information deemed confidential with appropriate controls

Privacy

Handling any personal information per your organization’s privacy notice

Data Security In Transit And At Rest

Data can be exchanged either through external APIs over HTTPS or by using flat files. AutoPRO uses a secure and encrypted connection for transfer of data over the Internet.
The data is encrypted at rest while residing in the database. The encryption uses the AES-256 algorithm.
The mobile application uses the same internal APIs using HTTPS as the web application.
The API endpoints only accept HTTPS connections and the user needs to be authenticated.
Some data can be cached locally on the device using its encrypted database. The database is destroyed on logout and the data needs to be downloaded again from the servers.
For accessing data across the network to integrate with other tools, a VPN is used so that the connection is secure and compliant with the highest security standards.

Infrastructure

  • Our Canadian infrastructure is hosted with Amazon Web Services (AWS) in Canada.
  • Our US infrastructure is hosted with Amazon Web Services (AWS) in the United States.
  • Our Middle East infrastructure is hosted with Amazon Web Services (AWS) in Australia.
  • All Canadian client instances are hosted on Canadian geolocated infrastructure.
  • All data is TLS encrypted during transit.
  • We adhere 100% to all GDPR requirements and all relevant provincial-level legislation.

Release management

  • Monthly releases ensuring you’re always on the latest version of the application
  • SLA-managed notifications and thorough release notes
  • Weeklong release preview in a safe environment
  • Guided webinars
  • Template resources for downstream communication

Apart from SOC 2 and GDPR compliance, AutoPRO is also ISO 27001:2013 certified.