CalAmp helps reinvent business and improve lives worldwide with technology solutions that streamline complex IoT deployments and bring intelligence to the edge. Security is the backbone of that effort, protecting and securing data within our infrastructure, at the edge, and with our partners to provide the assurance our customers depend on.
CalAmp’s security team takes a holistic view of the threat landscape, practicing a defense-in-depth methodology to get a full understanding of the risk that is out there, leveraging decades worth of multi-industry experience, but also, looking into the question, what could happen? We take the perspective of those who mean good and those who don’t to provide a comprehensive global security program.
We follow best practice with TLS 1.2 security of our web facing applications as well as robust access controls, protecting the way in as well as who can see what. This is based on the principles of role-based access controls, as well as least privileged access, allowing the application to utilize the necessary services of our multi-tenant platform CalAmp Telematics Cloud (CTC), protecting and guiding the data from the application to our cloud platform in AWS.
With our SOC2 Type II attestation of CTC, CalAmp demonstrates above and beyond Cloud provided security measures, with additional CalAmp protective measures, protecting what’s most important to the customer, their data. As part of that attestation we verify that CTC as a multi-tenant solution is the right one for our customers. Integrating with our applications and edge devices, customers have the added security that they have appropriate level of security to protect their data.
We do this by practicing defense-in-depth methodologies both vertical and horizontally but let’s not forget, everything else in between. We make sure in our infrastructure by only having the right traffic go where it needs with the appropriate routing in place. Additionally, when the data ‘rests’ within our system, it is encrypted with AES 256 encryption protocols and it’s only resident for the purpose it serves.
While CalAmp is working to protect its infrastructure, applications, devices, and data, we employ the work of 3rd party organizations to audit and test our environment on a continuous basis. We’ve instituted the mindset of attack simulation, meaning, we look at the ways of how a malicious actor might get in vs just simply working over a list of things from a vulnerability scan. This helps us stay ahead of the ever-evolving threat landscape.
We have web facing capabilities, a platform offering, and we bring those capabilities to the edge. CalAmp offers devices with the latest security measures to include over the air patching, access control via SMS, message authentication, and different levels of encryption based on the devices your company needs. This allows our customer to pick the right solutions for their needs from protecting fleets and drivers with CalAmp iOn™ or protecting their construction equipment investments with LoJack® Stolen Asset Recovery System. The CalAmp information security team is with you every step of the way.
SOC 2 Type II
What is SOC2 Type II?
The Service Organization Control (SOC) 2 Type II examination demonstrates that an independent accounting and auditing firm, has reviewed and verifiied that an organization has met its control objectives, meaning, do you do what you say you do.
SOC 2 takes a look at many areas to include Policies, Communications, Procedures and Monitoring. CalAmp has achieved a SOC2 Type II certification which looks the various security controls over a period of time rather than just a one point in time.
Security continues to be a differentiating factor across many industries not excluding CalAmp. CalAmp understands the evolving security landscape by providing secure solutions allowing our customers to focus on what’s important for them, the security of their data.Greg McCord Sr. Director, Information Security
CalAmp’s bug reporting program allows for community input for CalAmp systems providing a secure way to discuss security with the CalAmp Information Security team. We provide a secure way to interact and share any information in relation to security bugs of our systems and technology.