Samsara’s mission is to bring the benefits of sensor data to the organizations that drive our economy and to improve the efficiency, safety, and sustainability of their operations.
Samsara products are built from the ground up with security and privacy in mind. Given the large amounts of data our system generates, we hold data security to the highest standards.
As a customer-centric company, Samsara is deeply committed to the security of customer data within our entire platform—from our cloud and mobile applications to our hardware devices. As a part of this continued commitment, we’re excited to announce we’ve received our SOC 2 Type I and Type II report.
To learn more about Samsara's security practices and policies please click here.
Why did Samsara pursue a SOC 2 report?
Our customers rely on Samsara every day to power their business—from properly routing and dispatching drivers with real-time GPS to creating effective preventative maintenance schedules with diagnostic and engine fault code data. It’s crucial that we help our customers by ensuring that their data is secure and available.
What is a SOC 2 report?
SOC stands for “Service and Organization Controls”. These controls are a set of standards outlined by the American Institute of Certified Public Accountants (AICPA) to measure how a service organization handles its users’ data. A SOC 2 report provides detailed information and assurances about a service organization’s controls relevant to the systems the service organization uses to process customer data. A service organization may obtain a SOC 2 report after a third-party review of the security and availability of those systems. Companies often rely on a service organization’s SOC 2 report as a security compliance requirement.
For Samsara, the report serves as an assurance to customers that we sufficiently:
Secure customer data and personal information
Ensure customers have easy access to their data within our platform
Prevent unauthorized access to customer data and information
The SOC 2 process has two components: a Type I report and a Type II report. In 2019, we received our SOC 2 Type I report. This report described the systems we use to process data and the suitability of those internal controls.
This year, we’ve received our Type II report. The SOC 2 Type II report looks at how effectively our internal controls and processes operate over a longer period of time—usually between six months to one year.
What is included in Samsara’s SOC 2 report?
Our full SOC 2 report describes the various security controls and processes we use to secure customer data and make this data consistently available to our customers. It details the precise software infrastructure and processes we use to achieve data security and availability. A few of the controls covered in our report are:
System monitoring and ongoing risk assessments
Internal access control to production environments
Disaster recovery, data backup, and incident response processes
Communication of changes to customers
Employee on-boarding and termination processes
These are just some of the many practices that are detailed in our SOC 2 report—but our commitment to the privacy and trust of our customers doesn’t stop there. As part of our ongoing dedication to data security and availability, we are consistently and critically reviewing how we collect, manage, and secure customer data. And as part of that process, we plan to continue obtaining periodic SOC 2 Type II reports.
If you’re a current or prospective Samsara customer and wish to view the full report, you can request a copy from your Samsara account representative.
Our SOC 2 Type II report is just one of many ways that we’re committed to providing the highest quality of service to our customers. To learn more about our commitment to cybersecurity, read about our security practices and privacy principles.
If you believe you've discovered a security vulnerability, please contact Samsara Support immediately. Samsara takes all such reports seriously. We will investigate the reported issue and work quickly to fix valid vulnerabilities.