OPEN Technologies Achieves SOC 2 Certification: Our Commitment to Securing the Data That Shapes Our Cities
OPEN Technologies has achieved SOC 2 Type II certification. This marks a major milestone in how we protect customer data and manage risk, and it represents a new level of maturity for our organization.
Why SOC 2 Matters for Building Performance Data & Municipalities
With soon over 50,000 buildings registered through our platform, it is crucial that we protect all participants’ data. That data informs building investment decisions, drives regulatory compliance, and underpins core business decisions. In other words, the stakes around data integrity, availability, and confidentiality are real.
Our municipal partners recognize this too. Increasingly, cities are requiring formal security certifications as a condition of engagement — and rightly so. SOC 2 Type II gives us an independent, third-party validation that our systems aren’t just designed to be secure, but are functioning securely over time.
What SOC 2 Actually Is
SOC 2 is an independent audit of our controls for customer data. It provides assurance to our customers that we have systems in place to protect their data, and that those systems are both well designed and well functioning. The audit covers controls relating to information security systems — such as our cloud infrastructure configurations and software development processes — as well as organizational processes such as employee onboarding and access management.
What It Took
Many of our systems had grown organically over time as we built products and functionality on an as-needed basis. The SOC 2 process required us to consolidate and standardize the way we manage our infrastructure. On the other side of that work, not only are we more secure, but our infrastructure is much more maintainable and we are empowered to stand up and deploy new services from within a secure-by-default, infrastructure-as-code environment.
As a small organization, we also had many internal processes that were followed by convention but not always codified. Our best practices are now explicitly encoded into our policies, and where possible, our systems are configured so that workflows follow those practices by default.
“The SOC 2 process pushed us to consolidate systems that had grown organically over the years into a secure-by-default, infrastructure-as-code environment. The result is that we can now stand up and deploy new services faster and with more confidence — not in spite of our security controls, but because of them.”
— Simon Stanlake, Fractional CTO, OPEN Technologies
Looking Ahead
Any formerly ad-hoc systems have been brought in line with policies, and processes have been put in place to ensure security controls are applied consistently across our organization. As the regulatory landscape for building performance data continues to mature — and as more cities move from voluntary programs to mandatory compliance — we’re proud to be operating at a standard that matches the trust our partners place in us.
About OPEN Technologies
OPEN Technologies is a Vancouver-based technology company specializing in data tools to help make pro-climate decisions with confidence. The company’s GRID benchmarking and disclosure platform is used by approximately 30 jurisdictions to guide informed decision-making and investment into building decarbonization. OPEN’s Virtual Decarbonization Planner (VDP) helps building owners identify retrofit and renewal pathways faster and more cost-effectively than traditional consulting approaches, generating comparable planning insights for a fraction of the cost and time of engineer-led energy studies.