System and Organization Controls 2 (SOC 2) is a data security compliance standard that cloud-based service organizations use to determine and implement controls relevant to the security, availability and confidentiality of their customers’ information. At Fleetio, we use best practices to protect our customers’ data; we work with an independent auditor to maintain our SOC 2 report, which objectively validates our controls to ensure continuous data security.

Fleetio customers can enhance security and reduce password fatigue using Security Assertion Markup Language (SAML) 2.0 to access Single Sign-on (SSO). Minimizing unnecessary passwords often leads to stronger password creation with less inclination to write them down where unauthorized persons could see. We use the SSO strategy company-wide with required Two-factor Authentication (2FA) to keep others out of an account, even if credentials are compromised.

Fleetio’s data security protection meets Europe’s General Data Protection Regulation (GDPR) standards. GDPR is touted as the world's toughest privacy and security law when it comes to protecting customer data. We have incorporated GDPR standards into our data practices to ensure customer confidence in our security.

Fleetio uses Amazon Web Services (AWS) Simple Storage Service (S3) to securely store customer data on a large scale. In addition to AWS S3, we enable AWS Server Side Encryption (S3) on data, as well as for EC2 DBS data volumes. The encryption used is Amazon Encryption Standard (AES) 256, proven highly secure and virtually impenetrable.

At Fleetio, we know that not all your employees need to see the same data. To reduce data overload and increase accountability, account admins can customize user and contact permissions to ensure employees and stakeholders are seeing exactly what they need for boosted productivity and decision making.

At Fleetio, our employees are a key piece in keeping customer data secure. All our employees must pass a requisite, thorough background check before employment, and are required to complete Security Awareness Training at hire and regularly thereafter. Employee endpoint computers are hardened via mobile device management (MDM) which requires screen locks, hard drive encryption and anti-Virus installation, scans, and auto updates.

Fleetio continuously takes measures to ensure the security of all our customers’ data, including penetration tests and automatic updates through cloud-based software. We evolve our processes as new cybersecurity risks surface in order to stay ahead of potential threats.