SOC 2 is an auditing standard focused on organizational controls in five areas: security, availability, processing integrity, confidentiality and privacy, as defined by the American Institute of Certified Public Accountants (AICPA). EY (formerly Ernst & Young), a global leader in assurance, tax, transactions and advisory services, performed a rigorous audit of ControlUp’s security controls and processes for its products and services.
VIRTUAL DESKTOPS
Real-time monitoring, troubleshooting, and remediation
VDI & DaaS Monitoring VDI & DaaS Availability Testing
PHYSICAL DESKTOPS
Local and remote physical endpoint devices and apps monitoring
Physical Endpoint Monitoring SaaS & Web Apps Availability Testing Unified Communications
TECHNOLOGY PARTNERS
Platform integrations for ControlUp monitoring solutions
ControlUp Blog
Explore expert insights, tips, and best practices to optimize your IT operations
Read nowYour Data Is Safe With ControlUp
Security and privacy controls are always top of mind when it comes to using software as a service. At ControlUp, we are committed to the protection of confidentiality, integrity, availability, and privacy of our customers’ data and to their service continuity. Information security is vital to our customers’ business operations and to our own success. These principles govern us and the way we conduct business. While there’s no bulletproof solution to cloud data and service protection, we do everything possible to exceed expectations. ControlUp’s services are secure, reliable and trusted.
Compliance Programs
SOC 2
SOC 3
The SOC3 report was concluded in February 2022 and covers the period between January 1, 2021 – December 31, 2021. The SOC 3 report can be freely distributed to the public for general use. The report is based on the criteria for security, availability, processing, integrity, and confidentiality by the standards of the American Institute of Certified Public Accountants (AICPA).
CLOUD SECURITY ALLIANCE
A CSA STAR Level 1 Questionnaire for ControlUp is available for download on the Cloud Security Alliance’s STAR Registry web site. The CSA Security, Trust & Assurance Registry (STAR). is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping customers assess the security of the cloud providers they currently use or are considering using. ControlUp has completed the Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ). The latest version of the CAIQ, aligned to CSA’s Cloud Controls Matrix (CCM) v.3.0.1, provides answer to over 300 questions a cloud customer or a cloud security auditor may wish to ask of a cloud provider.
ISO 27001
We Implement and maintain a security program that leverages the ISO/IEC 27000-series of control standards as its baselines, which ensure organizations keep information resources safe and secure.
ISO 27017
We provide cloud-specific implementation guidance based on ISO/IEC 27002, and additional controls to address cloud-specific information security threats and risks.
ISO 27018
With our ISO 27018 compliance, we ensure that ControlUp Customers`personally identifiable information (PII) is protected across cloud computing services.
FIPS 140-2
The Federal Information Processing Standard (FIPS) 140-2 is a U.S. and Canadian government standard that specifies security requirements for cryptographic modules.
ControlUp has validated various cryptographic modules against the FIPS 140-2 standard.
The FIPS 140-2 standard specifies and validates the cryptographic and operational requirements for the modules within security systems that protect sensitive information.
These modules employ NIST-Approved security functions such as cryptographic algorithms, key sizes, key management and authentication techniques.
ControlUp has validated the OpenSSL FIPS module and is working on approving another FIPS cryptographic module – Bouncy Castle
ISO 27701
We implement and maintain a privacy program, built upon ISO/IEC 27000-series, that ensure practicing in accordance with the best-in-place policies and procedures for complying with GDPR and other data protection/privacy regulations and laws.
ControlUp Security White Paper
At ControlUp, we are committed to keeping your data safe by following best industry practices. To learn more, download the ControlUp security white paper.
Download White PaperGDPR, Privacy and Compliance at ControlUp
Your data’s integrity is our priority. That is why ControlUp is committed to implementing the GDPR guidelines to safeguard your personal data and privacy. To learn more, download the ControlUp GDPR statement.
Download GDPR Statement
EN 
DE