Security and Compliance
dataPARC’s approach to security, privacy, and reliability is built into every layer of our software and services. This overview provides visibility into our security controls, compliance practices, and the measures we take to safeguard our customers’ operational and production data. Whether deployed on-premises or in hybrid environments, dataPARC is designed to support secure, compliant, and resilient industrial operations.
Cybersecurity Compliance
dataPARC maintains a SOC2 certification, demonstrating our commitment to rigorous security, availability, and confidentiality controls.
The same governance practices and technical safeguards that support our SOC2 compliance—such as strong access control, auditability, change management, and data integrity—also align with the security expectations found in other major standards.
As a result, dataPARC is designed to operate effectively in environments that must meet frameworks such as NIST, NERC CIP, ITAR, and 21 CFR Part 11, helping customers satisfy their own regulatory or industry-specific requirements when deploying our software.
Product & Data Security
- Access Control – granular role-based access related to system permissions and data access
- Authentication – dataPARC integrates with systems like Windows Active Directory to provide seamless single sign-on, eliminating the need for separate application passwords.
- dataPARC has comprehensive data security, development change management & incident response plan policies in place to address product security
- Encryption – dataPARC encrypts data across all communication layers using industry-standard protocols including OPC-UA (128-bit), TLS 1.2 for databases, and gRPC for internal data transfer.
- Audit Trails – dataPARC maintains robust audit trails as an integral part of the system administration, ensuring system compliance and validation
Endpoint & Network Security
- Employees adhere to comprehensive device and security protocols, covered in our Information Security Policy
- All employee hardware utilizes full disk encryption (AES-256)
- All workstations have anti-virus and antimalware software. Monitoring software is in place to ensure all systems are up to date
- Systems are in place to detect network anomalies and alert if there is a possibility of an incident
- An incident response plan is in place to quickly address any potential issues
- Regular penetration tests are performed on the IT network to ensure a secure system