Passport 2022 SOC 1 and SOC 2 Compliance

Trust & Security Center

Get access to this Trust & Security Center
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

Keeping data secure, confidential, and readily accessible are our greatest priorities.

Passport’s cybersecurity program is based on the concept of Defense in Depth: securing our organization and your data at every layer.

Our cybersecurity program aligns with the NIST Cybersecurity Framework, and Passport is SOC 2 compliant and PCI DSS Level 1 merchant and service provider certified.

While no system can guard against every potential threat, Passport’s defensive line is monitored 24/7, 365 days a year by skilled, highly trained professionals.

Passport’s cybersecurity team, led by our Chief Information Security Officer (CISO), is responsible for the implementation and management of our cybersecurity program. The CISO is supported by the members of Passport’s engineering and product teams and is enabled by our Executive Leadership team.

The focus of Passport’s cybersecurity program is to prevent unauthorized access to customer data. To this end, our team of dedicated cybersecurity practitioners, working in partnership with peers across the company, take specific steps to identify and mitigate risks, implement best practices, and continuously develop ways to improve.

Compliance

PCI DSS Logo
PCI DSS
SOC 1 Logo
SOC 1
SOC 2 Logo
SOC 2
Get access to this Trust & Security Center
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Passport is reviewed and trusted by

ParkChicagoParkChicago
City of PasadenaCity of Pasadena
City of AustinCity of Austin
City of AshevilleCity of Asheville
LAZ ParkingLAZ Parking
SP+SP+
University of North DakotaUniversity of North Dakota
City of BozemanCity of Bozeman
ParkwellParkwell

Documents

PCI DSS
SOC 2
HECVAT Full
SOC 1

Risk Profile

Data Access LevelRestricted
Impact LevelModerate
Recovery Time Objective< 24 Hours
See more

Product Security

Audit Logging
Data Security
Integrations
See more

Self-Assessments

HECVAT Full

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Bot Detection
Responsible Disclosure
Secure Development Training
See more

Legal

SubprocessorsAmazonSalesforce
Cyber Insurance
Privacy Policy
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS
BC/DR
See more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Firewall
IDS/IPS
Virtual Private Cloud

Corporate Security

Email Protection
Employee Training
HR Security
See more

Security Grades

Qualys SSL Labs
passportinc.com
A
ppprk.com
A
passportparking.com
A

Knowledge Base

  • Do you control the transfer of information to external parties through authentication and encryption?
  • Do you currently use encryption in your database(s)?
  • Does your product process protected health information (PHI) or any data covered by the Health Insurance Portability and Accountability Act?
See more

Trust Center Updates

Passport 2022 SOC 1 and SOC 2 Compliance

ComplianceCopy link

We are happy to announce that Passport's 2022 SOC 1 and SOC 2 reports are now finalized and live! Please check each card above to download the latest reports.

Published at N/A

We have received bridge letters from our auditor for the 2022 SOC 1 and SOC 2 reporting period while the 2022 reports are being finalized. Please check the SOC 1 and SOC 2 cards to download the letters from our auditors.

As soon as the final reports are available, we will update this portal with the latest documents and send out another Trust Center announcement.

Published at N/A

Passport's Mobile Parking Solutions and Privacy

GeneralCopy link

Passport works with municipalities across the US and Canada to provide cashless, digital parking solutions.

Our mobile parking solution asks for the following personal information when creating an account to pay for parking:

  • First and Last name
  • Phone number
  • Email address
  • License plate number
  • Vehicle Make and Model
  • State / Province

Passport’s mobile parking solution does not capture other information about the user. Passport does request access to details about the phone being used so that we can track mobile device and OS details. For example, we capture data about Android vs Apple mobile device utilization, and within each of those device categories, we are interested in the version of OS used. This helps us ensure our app testing and rollout strategy is informed by and aligned with realities of end-user phone adoption.

As a municipal mobile parking solution, Passport only tracks the space or zone # that someone parked in, along with the date that the parking transaction occurred. This information is absolutely necessary to maintain as it relates to a municipality's ability to enforce parking, whether Passport is the provider of enforcement software for a city, or if that software is provided by another company. Anytime that a citizen is parking, there will be a corresponding need to enforce if that parking violates timeframes or rules defined by a city or private operators in that city.

It is important to note that, beyond the information outlined above, Passport does not capture additional information about end-users and does not share or sell that information with third parties for commercial or marketing purposes. We do not "mine” or “glean” other data from our application.

Passport works on behalf of the municipalities in which we work and the data captured by our solutions are used for providing mobile parking solutions and are not a source of additional marketing or commercial activity by Passport.

This is also outlined in Passport’s Privacy Policy.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Report Issue