Trust & Security Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Keeping data secure, confidential, and readily accessible are our greatest priorities.

Passport’s cybersecurity program is based on the concept of Defense in Depth: securing our organization and your data at every layer.

Our cybersecurity program aligns with the NIST Cybersecurity Framework, and Passport is SOC 2 compliant and PCI DSS Level 1 merchant and service provider certified.

While no system can guard against every potential threat, Passport’s defensive line is monitored 24/7, 365 days a year by skilled, highly trained professionals.

Passport’s cybersecurity team, led by our Chief Information Security Officer (CISO), is responsible for the implementation and management of our cybersecurity program. The CISO is supported by the members of Passport’s engineering and product teams and is enabled by our Executive Leadership team.

The focus of Passport’s cybersecurity program is to prevent unauthorized access to customer data. To this end, our team of dedicated cybersecurity practitioners, working in partnership with peers across the company, take specific steps to identify and mitigate risks, implement best practices, and continuously develop ways to improve.

ParkChicago-company-logoParkChicago
City of Pasadena-company-logoCity of Pasadena
City of Austin-company-logoCity of Austin
City of Asheville-company-logoCity of Asheville
LAZ Parking-company-logoLAZ Parking
SP+-company-logoSP+
University of North Dakota-company-logoUniversity of North Dakota
City of Bozeman-company-logoCity of Bozeman
Parkwell-company-logoParkwell

Documents

PCI DSS

Knowledge Base (FAQ)

    Does your product process protected health information (PHI) or any data covered by the Health Insurance Portability and Accountability Act?
    Do you currently use encryption in your database(s)?
    Do you control the transfer of information to external parties through authentication and encryption?
View more

Trust & Security Center Updates

Passport 2023 SOC 1 and SOC 2 Compliance

ComplianceCopy link

We are happy to announce that Passport's 2023 SOC 1 and SOC 2 reports are now finalized and live! Please check each card above to download the latest reports.

Our 2023 SOC 1 & 2 certifications were issued in February, 2024. These reports are our current and most recent audit results. Our next audit, for the 2024 review period, will be conducted in Q4 of 2024 and estimated for release in February, 2025.

Published at N/A*

Passport 2023 PCI Compliance

ComplianceCopy link

We are happy to announce that Passport's 2023 PCI reports are now finalized and live! Please check the cards above to download the latest reports.

Published at N/A

Passport's Mobile Parking Solutions and Privacy

GeneralCopy link

Passport works with municipalities across the US and Canada to provide cashless, digital parking solutions.

Our mobile parking solution asks for the following personal information when creating an account to pay for parking:

  • First and Last name
  • Phone number
  • Email address
  • License plate number
  • Vehicle Make and Model
  • State / Province

Passport’s mobile parking solution does not capture other information about the user. Passport does request access to details about the phone being used so that we can track mobile device and OS details. For example, we capture data about Android vs Apple mobile device utilization, and within each of those device categories, we are interested in the version of OS used. This helps us ensure our app testing and rollout strategy is informed by and aligned with realities of end-user phone adoption.

As a municipal mobile parking solution, Passport only tracks the space or zone # that someone parked in, along with the date that the parking transaction occurred. This information is absolutely necessary to maintain as it relates to a municipality's ability to enforce parking, whether Passport is the provider of enforcement software for a city, or if that software is provided by another company. Anytime that a citizen is parking, there will be a corresponding need to enforce if that parking violates timeframes or rules defined by a city or private operators in that city.

It is important to note that, beyond the information outlined above, Passport does not capture additional information about end-users and does not share or sell that information with third parties for commercial or marketing purposes. We do not "mine” or “glean” other data from our application.

Passport works on behalf of the municipalities in which we work and the data captured by our solutions are used for providing mobile parking solutions and are not a source of additional marketing or commercial activity by Passport.

This is also outlined in Passport’s Privacy Policy.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo