CalAmp
Building a Cloud Security and Compliance Program for Multiple Client Platforms Without Sacrificing Agility
INDUSTRY
Technology
PRODUCTS
SaaS platform for monitoring and tracking assets
LOCATION
Santa Clara, CA
ANNUAL REVENUE
$296M
Project Challenges
CalAmp’s Director of Product and Information Security Reza Salari knows compliance and security are of paramount importance. As an industry leader in IoT and telematics, the company manages its own sensitive data and is a custodian of its customers' data. With this in mind, Salari partnered with ScaleSec to prepare for the SOC 2 process.
"Demonstrating strong security is important to earn the trust of our customers, and is critical to the business itself. ScaleSec’s reputation in the security and compliance space and their expertise in AWS cloud technology made them the perfect fit to help us prepare for audit."
Reza Salari, Ex-Director of Product and Information Security | CalAmp
Overview
CalAmp is a provider of IoT software applications, cloud services, data intelligence and networked telematics products and services. CalAmp’s AWS-based platform “PULS-CTC” has achieved SOC 2 Type I. Auditors examined the CalAmp telematics management platform, an environment that provides customers access to extensive intelligence and edge computing from their high-value mobile assets, cargo and infrastructure.
Insight
Multiple industries, such as automotive and trucking, construction, consumer goods, public safety, government, energy and insurance, are leveraging CalAmp’s flexible solutions to discover new ways to improve safety, increase productivity and reduce costs. This SOC 2 report will provide assurance that the controls protecting these systems and data meet the standards for organizational security, transactions, and confidentiality of data as defined by the American Institute of Certified Public Accountants (AICPA). Further, it allows CalAmp to establish trust with consumers of its platform, reduce the time and cost of due diligence, and ultimately shorten the sales cycle.
Services Provided
With multiple SaaS platforms and service offerings in the cloud, a “one size fits all” approach was not ideal for CalAmp’s SOC 2 efforts. Policies and procedures had to conform to strict standards but also support a rapidly evolving company and industry. ScaleSec used their expertise in cloud-native services, cyber security, and development to help CalAmp build a cloud security and compliance program, with a set of security controls that provide true compliance and security without sacrificing agility.
Results / Impact / Highlights
Beyond technological aspects, the team introduced programs including risk management, employee development, vendor management, and regulatory monitoring capabilities. ScaleSec worked directly with the CalAmp team to design and document the system, demonstrating each control and preparing the team for audit.
"ScaleSec took a holistic view of CalAmp’s processes and controls to create a program that reflects reality. They came to understand our business as well as we did, and helped us reach a level of security we are truly proud of. They’re as much a part of our InfoSec team as anyone at CalAmp."
Reza Salari, Ex-Director of Product and Information Security | CalAmp