- SafetyCulture
- Security
Security
Our mission
We’re here to help companies achieve safer and higher-quality workplaces worldwide through our innovative mobile and web-based products. The SafetyCulture (iAuditor) platform is trusted by over 75,000 companies globally and we pride ourselves on promoting safety and quality.
Certifications
We take cybersecurity seriously. Our active, robust, and continually improving cybersecurity program ensures the security of our customer’s data and the services we provide.
ISO 27001
SafetyCulture is ISO 27001:2022 certified. This certification proves we’ve implemented security controls to protect our customers’ data from unauthorized access or compromise and that we follow security best practices
SOC 2 Type II
SafetyCulture follows the AICPA’s Trust Services Criteria affirming our dedication to customer security. Our SOC 2 Type II audit report is a testament to this commitment.
Key features
Aligning with globally recognized best practices
SafetyCulture maintains comprehensive security policies and procedures that are regularly reviewed and updated to ensure current and effective cybersecurity practices. Accountability is enforced through a security management forum, and access to systems is tightly controlled with multi-factor authentication and VPN requirements. We regularly review the security of the third-parties we use and our products are protected by firewalls,IDS, and IPS technology. Our centralized logging and monitoring systems help identify malicious activity and vulnerabilities, while regular security training ensures all personnel are equipped to handle security challenges. Patching and vulnerability management are prioritized, with critical patches deployed promptly to maintain security.
Committed to data protection and privacy
SafetyCulture ensures customer data is protected from unauthorized access by storing it in a secure production environment and limiting access to essential personnel. Access control, multi-factor authentication, and strict data use policies are enforced, requiring customer consent for support purposes. Customer data is protected at rest and in transit by encryption, including use of AES-256 and TLS 1.2 (or later). Regular encrypted backups are maintained of customer and SafetyCulture data across multiple facilities, and secure deletion protocols ensure the safe disposal of data.
Built on Amazon Web Services
Customer data is hosted on infrastructure provided by Amazon Web Services (AWS) which maintains the security of the data and their sites using industry best practice controls as outlined on their security and compliance website. Our solution is able to leverage the capabilities of AWS to scale as needed.
Global support organization built for immediate response
SafetyCulture is committed to preventing security incidents and is prepared to handle them to effectively minimize impact. We have a documented Incident Management Procedure that protects the confidentiality, integrity, and availability of our products. Our global support organization, disaster recovery plans, and contingency strategies, work together to ensure we keep our product secure and available. We use AWS’s Availability Zones, coupled with data replication, to ensure operational continuity and data redundancy. We promptly alert affected clients of major incidents impacting service availability or data integrity, in line with our Terms and Conditions.
SafetyCulture considers cybersecurity a fundamental part of our business and the products we provide globally. While this summary outlines our multifaceted security approach, we have extensive controls and measures in place beyond what is covered here. For further details or questions about our support, security, or privacy practices, please contact us directly.
Support
support@safetyculture.com
Privacy
privacy@safetyculture.com
To report a security incident, please contact us at security@safetyculture.com.