˽·¿¾ãÀÖ²¿

˽·¿¾ãÀÖ²¿ maintains an ISO 27001 certification which provides external auditor validation that an effective Information Security Management System (ISMS) has been established to identify and manage information risks through a comprehensive set of company-wide processes and security controls, including processes and controls that continually improve the ISMS.

?

Our ISO 27001 certification is available through our trust site at ?

˽·¿¾ãÀÖ²¿ maintains an ISO 27017 certification that provides external auditor validation that ˽·¿¾ãÀÖ²¿'s ISMS includes security controls for the secure management of ˽·¿¾ãÀÖ²¿'s cloud infrastructure as well as cloud service security for users of the ˽·¿¾ãÀÖ²¿ CMAP.

Our ISO 27017 certification is available through our trust site at

?Note: ISO 27017 is an extension of the ISO 27001 framework, and as such, ˽·¿¾ãÀÖ²¿'s ISO 27017 certification is included in ˽·¿¾ãÀÖ²¿'s ISO 27001 certificate.

˽·¿¾ãÀÖ²¿ is a proud member of the Cloud Security Alliance (CSA), an organization dedicated to enhancing the security of cloud computing. To demonstrate ˽·¿¾ãÀÖ²¿¡¯s commitment to security, ˽·¿¾ãÀÖ²¿'s security controls include scope for CSA¡¯s Consensus Assessment Initiative Questionnaire (CAIQ) which have been certified as STAR Level 2 by an external auditor. ˽·¿¾ãÀÖ²¿¡¯s CSA certifications and related CAIQ responses are available for review in the CSA STAR registry here.

?

Our CSA STAR certification and CAIQ are available through our trust site at

The service organization control (SOC) 1 Type II report provides an external auditor¡¯s attestation that ˽·¿¾ãÀÖ²¿ maintained appropriate controls around the Climate Management and Accounting Platform (CMAP) for customer financial reporting purposes (specific to carbon accounting). ˽·¿¾ãÀÖ²¿ received a clean, unqualified audit report with no exceptions.

?

Our (SOC) 1 Type II report is available through our trust site at

The service organization control (SOC) 2 Type II report provides an external auditor¡¯s attestation that ˽·¿¾ãÀÖ²¿'s security controls were in place and effective for the report¡¯s coverage period as related to the American Institute of Certified Public Accountant's (AICPA) trust service principles. ˽·¿¾ãÀÖ²¿ was audited against the Security, Availability, and Confidentiality trust service principles and received a clean, unqualified audit report with no exceptions.

?

Our (SOC) 2 Type II report is available through our trust site at

SOCOTEC International Certification verifies that our platform calculates emissions correctly based on the PCAF Standard.

T?V Rheinland stands for safety and quality in virtually all areas of business and life. Founded almost 150 years ago, the company is one of the world¡¯s leading, independent testing service providers; they rigorously validate that solutions, processes, and services comply with international standards. As such, T?V Rheinland is a global trademark of trust and verification.

The NIST Cybersecurity Framework (NIST CSF) provides guidance on how to manage and reduce IT infrastructure security risk. ˽·¿¾ãÀÖ²¿ has adopted the NIST Cybersecurity Framework to cornerstone the development and maturing of our security organization, processes, and procedures.