Geotab Security Center
Information related to Geotab’s security and privacy policies.
Geotab’s security policy
Geotab takes a rigorous approach to information security following the principle of continuous improvement. To protect ourselves, our customers and partners, Geotab is constantly reviewing, improving and validating our security mechanisms and processes to ensure our systems remain resilient to intrusion and disaster. Geotab also collaborates with leading stakeholders to advance security across the industry. As we grow, more industries, fleets and customers will benefit from Geotab’s uncompromising stance on information security.View security policy
Geotab demonstrates our commitment to information security and data protection through validation of our system and processes.
Compliance certifications and authorizations:
•ISO/IEC 27001:2013 Information Security Management System
•FedRAMP Authorized for Geotab cloud-based telematics platform
•FIPS 140-2 validation for the Geotab GO device cryptographic library
•Cyber Essentials Certificate
Cybersecurity is an essential part of your business, now more than ever. Learn data security best practices for executives. Get information on cybersecurity notifications and standards to help mitigate cyber risk.
Customer data privacy
Geotab provides its customers with an industry-leading, open platform fleet management solution for collecting and analyzing vehicle and fleet data. With Geotab, customers have power and control over their own data. Although the Geotab platform does not require personal data, nevertheless, some customers may choose to include personal data (also called personally identifiable information or PII), such as driver-specific data, to help achieve additional business goals.
Maintaining the privacy of customers’ data is an important priority of Geotab’s data management activities. As a data processor, Geotab implements and maintains technical and organizational measures designed to keep customer data secure and private. Individual customer data is processed according to the customer’s instructions and chosen settings that enable the proper functioning of the solution and its ongoing improvement. Geotab has carefully controlled and audited access to personal data in a customers’ database in the event that the customer needs support on their data for safety or troubleshooting.
Vulnerability responsible disclosure
Geotab takes security and transparency very seriously and we appreciate the ongoing efforts of Individuals or entities who study security and/or security vulnerabilities. To better serve security researchers, Geotab has developed a program to make it easier to report vulnerabilities and to recognize those researchers for their effort to make the Internet a safer place. This policy provides Geotab’s guidelines for reporting vulnerabilities to Geotab.
If you believe you have found a security vulnerability that could impact Geotab or our customers, we encourage you to let us know right away. We will investigate all legitimate reports and do what is required to fix the problem as soon as possible. We ask that all researchers follow our Vulnerability Disclosure Policy and make a good faith effort to avoid privacy violations, destruction of data and interruption of services during your research.
Geotab’s CVE-2021-44228 Response
The US Cybersecurity and Infrastructure Security Agency (CISA) recommends taking immediate action on the Log4j vulnerability.Read blog post
Geotab’s security leadership team
Contact Geotab Security
For any questions or comments about Geotab’s Security programs, please fill out the form below. We will contact you as soon as possible. Have a question about the product? Click here.
Thank you, our security team will contact you as soon as possible.