Security & Compliance

Standard, Regulations, and Certifications

Your Data Is Safe With ControlUp

Security and privacy controls are always top of mind when it comes to using software as a service. At ControlUp, we are committed to the protection of confidentiality, integrity, availability, and privacy of our customers’ data and to their service continuity. Information security is vital to our customers’ business operations and to our own success. These principles govern us and the way we conduct business. While there’s no bulletproof solution to cloud data and service protection, we do everything possible to exceed expectations. ControlUp’s services are secure, reliable and trusted.

Download White Paper  


SOC 2 is an auditing standard focused on organizational controls in five areas: security, availability, processing integrity, confidentiality and privacy, as defined by the American Institute of Certified Public Accountants (AICPA). EY (formerly Ernst & Young), a global leader in assurance, tax, transactions and advisory services, performed a rigorous audit of ControlUp’s security controls and processes for its products and services.


The SOC3 report was concluded in February 2020 and covers the period between January 1, 2019-December 31, 2019. The SOC 3 report can be freely distributed to the public for general use. The report is based on the criteria for security, availability, processing, integrity, and confidentiality by the standards of the American Institute of Certified Public Accountants.

Download The Report


A CSA STAR Level 1 Questionnaire for ControlUp is available for download on the Cloud Security Alliance’s STAR Registry web site. The CSA Security, Trust & Assurance Registry (STAR). is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping customers assess the security of the cloud providers they currently use or are considering using. ControlUp has completed the Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ). The latest version of the CAIQ, aligned to CSA’s Cloud Controls Matrix (CCM) v.3.0.1, provides answer to over 300 questions a cloud customer or a cloud security auditor may wish to ask of a cloud provider.

ISO 27001

We Implement and maintain a security program that leverages the ISO/IEC 27000-series of control standards as its baselines, which ensure organizations keep information resources safe and secure.

View our certification

ISO 27017

We provide cloud-specific implementation guidance based on ISO/IEC 27002, and additional controls to address cloud-specific information security threats and risks.

View our certification

ISO 27018

With our ISO 27018 compliance, we ensure that ControlUp Customers`personally identifiable information (PII) is protected across cloud computing services.

View our certification

ControlUp Compliance with GDPR

ControlUp is committed to General Data Protection Regulation (GDPR) compliance. Our engineering, product, security and compliance teams have been working diligently to align our procedures, documentation, contracts, and services to support compliance with GDPR guidelines.

Download GDPR Statement