Security & Compliance

Standard, Regulations, and Certifications

Your Data Is Safe With ControlUp

Security and privacy controls are always top of mind when it comes to using software as a service. At ControlUp, we are committed to the protection of confidentiality, integrity, availability, and privacy of our customers’ data and to their service continuity. Information security is vital to our customers’ business operations and to our own success. These principles govern us and the way we conduct business. While there’s no bulletproof solution to cloud data and service protection, we do everything possible to exceed expectations. ControlUp’s services are secure, reliable and trusted.

Compliance Programs


SOC 2 is an auditing standard focused on organizational controls in five areas: security, availability, processing integrity, confidentiality and privacy, as defined by the American Institute of Certified Public Accountants (AICPA). EY (formerly Ernst & Young), a global leader in assurance, tax, transactions and advisory services, performed a rigorous audit of ControlUp’s security controls and processes for its products and services.


The SOC3 report was concluded in February 2022 and covers the period between January 1, 2021 – December 31, 2021. The SOC 3 report can be freely distributed to the public for general use. The report is based on the criteria for security, availability, processing, integrity, and confidentiality by the standards of the American Institute of Certified Public Accountants (AICPA).

Read now

A CSA STAR Level 1 Questionnaire for ControlUp is available for download on the Cloud Security Alliance’s STAR Registry web site. The CSA Security, Trust & Assurance Registry (STAR). is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping customers assess the security of the cloud providers they currently use or are considering using. ControlUp has completed the Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ). The latest version of the CAIQ, aligned to CSA’s Cloud Controls Matrix (CCM) v.3.0.1, provides answer to over 300 questions a cloud customer or a cloud security auditor may wish to ask of a cloud provider.

ISO 27001

We Implement and maintain a security program that leverages the ISO/IEC 27000-series of control standards as its baselines, which ensure organizations keep information resources safe and secure.

View now
ISO 27017

We provide cloud-specific implementation guidance based on ISO/IEC 27002, and additional controls to address cloud-specific information security threats and risks.

View now
ISO 27018

With our ISO 27018 compliance, we ensure that ControlUp Customers`personally identifiable information (PII) is protected across cloud computing services.

View now
FIPS 140-2

The Federal Information Processing Standard (FIPS) 140-2 is a U.S. and Canadian government standard that specifies security requirements for cryptographic modules.
ControlUp has validated various cryptographic modules against the FIPS 140-2 standard.
The FIPS 140-2 standard specifies and validates the cryptographic and operational requirements for the modules within security systems that protect sensitive information.
These modules employ NIST-Approved security functions such as cryptographic algorithms, key sizes, key management and authentication techniques.
ControlUp has validated the OpenSSL FIPS module and is working on approving another FIPS cryptographic module – Bouncy Castle

View now
ISO 27701

We implement and maintain a privacy program, built upon ISO/IEC 27000-series, that ensure practicing in accordance with the best-in-place policies and procedures for complying with GDPR and other data protection/privacy regulations and laws.

View now

ControlUp Security White Paper

At ControlUp, we are committed to keeping your data safe by following best industry practices. To learn more, download the ControlUp security white paper.

Download White Paper  

GDPR, Privacy and Compliance at ControlUp

Your data’s integrity is our priority. That is why ControlUp is committed to implementing the GDPR guidelines to safeguard your personal data and privacy. To learn more, download the ControlUp GDPR statement.

Download GDPR Statement