Security & Compliance

Standard, Regulations, and Certifications

Your Data Is Safe With ControlUp

Security and privacy controls are always top of mind when it comes to using software as a service. At ControlUp, we are committed to the protection of confidentiality, integrity, availability, and privacy of our customers’ data and to their service continuity. Information security is vital to our customers’ business operations and to our own success. These principles govern us and the way we conduct business. While there’s no bulletproof solution to cloud data and service protection, we do everything possible to exceed expectations. ControlUp’s services are secure, reliable and trusted.

Compliance Programs



SOC 2

SOC 2 is an auditing standard focused on organizational controls in five areas: security, availability, processing integrity, confidentiality and privacy, as defined by the American Institute of Certified Public Accountants (AICPA). EY (formerly Ernst & Young), a global leader in assurance, tax, transactions and advisory services, performed a rigorous audit of ControlUp’s security controls and processes for its products and services.

SOC 3

The SOC3 report was concluded in February 2020 and covers the period between January 1, 2019-December 31, 2019. The SOC 3 report can be freely distributed to the public for general use. The report is based on the criteria for security, availability, processing, integrity, and confidentiality by the standards of the American Institute of Certified Public Accountants.

Download The Report
CLOUD SECURITY ALLIANCE

A CSA STAR Level 1 Questionnaire for ControlUp is available for download on the Cloud Security Alliance’s STAR Registry web site. The CSA Security, Trust & Assurance Registry (STAR). is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping customers assess the security of the cloud providers they currently use or are considering using. ControlUp has completed the Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ). The latest version of the CAIQ, aligned to CSA’s Cloud Controls Matrix (CCM) v.3.0.1, provides answer to over 300 questions a cloud customer or a cloud security auditor may wish to ask of a cloud provider.

ISO 27001

We Implement and maintain a security program that leverages the ISO/IEC 27000-series of control standards as its baselines, which ensure organizations keep information resources safe and secure.

View our certification
ISO 27017

We provide cloud-specific implementation guidance based on ISO/IEC 27002, and additional controls to address cloud-specific information security threats and risks.

View our certification
ISO 27018

With our ISO 27018 compliance, we ensure that ControlUp Customers`personally identifiable information (PII) is protected across cloud computing services.

View our certification

ControlUp Security White Paper

At ControlUp, we are committed to keeping your data safe by following best industry practices. To learn more, download the ControlUp security white paper.

Download White Paper  

GDPR, Privacy and Compliance at ControlUp

Your data’s integrity is our priority. That is why ControlUp is committed to implementing the GDPR guidelines to safeguard your personal data and privacy. To learn more, download the ControlUp GDPR statement.

Download GDPR Statement