Geotab Security, Trust and Telematics Privacy
Trusted by organizations in both the public and private sector for end-to-end telematics data security.
Geotab’s approach to effective data security
Geotab strongly values the trust our customers put in us to keep their data secure. Our end-to-end security approach extends from the training of our employees to our devices and regular internal audits, enabling us to be proactive in keeping you safe against new cyber threats. We follow a number of rigorous protocols and processes to protect our clients’ information and are trusted by many of the world’s most security-conscious organizations, including the General Services Administration (GSA). With the GSA, we have a multi-award schedule and blanket purchase agreement.
Resiliency is another critical component of our security lifecycle, which is why we constantly monitor our systems for potential vulnerabilities and work closely with cybersecurity leaders to advance our industry as a whole. We’ve made it our mission to help organizations achieve their data protection and telematics goals at the same time, powering a more efficient and sustainable world in the process.
Our End-to-End Security Lifecycle
- Routine Employee Security Training
- Incident Response Plan Optimization
- Designing Solutions and Loading Firmware
- Maintaining Certifications and Authorizations
- Server Security Management and Development
- Regular Process and Environment Testing
The Geotab security lifecycle: Data protection that transcends your fleet
Employee responsibility
Security incident training
Access & system monitoring
Penetration testing
Vulnerability scans
Ongoing security audits
Business continuity planning
Granular access controls
Privacy mode feature
A proven track record of quality data privacy, trust and compliance
Over 20 years of experience in secure fleet management
Reducing telematics privacy risks
Geotab takes customer telematics privacy extremely seriously, using detailed vulnerability testing to better protect information and reduce the potential for security breaches. Control your Geotab data as you see fit and use it to further your fleet’s efficiency.
Trustable data security processes
With rich experience in data security and our diverse ecosystem of security partners, Geotab’s reputation in telematics data protection is world-leading. We’re a pioneer in using the latest security resources to keep our customers’ information locked down.
Internal and external compliance
We comply with and stay updated on data standards related to both our own internal protocols and any regional laws. Our robust checks and balances system around security helps our customers have strong confidence in all of our intrusion protection methods.
Case Study
Discover why TELUS chose Geotab’s secure telematics platform
Improving fuel economy by 10% and keeping fleet information protected
TELUS relies on our fleet management software and stringent data security processes to run operations that are better protected against noncompliance and security risks.
Press Release
PICCASO Canada: Data Partnership Award
Geotab has a world-class data privacy program, as evidenced by the strong trust our clients put in our data management practices. We're also committed to driving innovation and partnering with technology leaders to deliver effective and secured solutions for our customers. The Data Partnership Award we received at Canada's 2024 PICCASO Awards gala formally recognizes our collaboration with other industry pioneers.
The Geotab security standard: Adherence to the highest security and compliance processes
FedRAMP Authorization
Our data security processes and environments are audited by a third-party assessor and recognized as FedRAMP-authorized. FedRAMP authorization enables us to serve federal government organizations and uniquely meet their precise cybersecurity needs.
FIPS 140-3 Validation*
Cryptographic modules within Geotab GO devices are compliant with FIPS 140-3 standards. This compliance level keeps our hardware congruent with the needs of government agencies that need to protect their data during the collection, storage and transmission phases.
ISO/IEC 27001:2013
Geotab’s Information Security Management System is documented as being compliant with the standards required for ISO/IEC 27001:2013. This security certificate verifies that our applications, internal processes and GO hardware devices are in line with accepted global information technology standards.
Cyber Essentials Certificate
Our Cyber Essentials Certificate of Assurance was awarded to us when a third-party agency audited our cyber attack ICT defense mechanisms. Our processes were found to be compliant with Cyber Essentials’ proper implementation profile.
SOC 2 Type 2
Geotab's SOC 2 Type 2 attestation provides assurance that our security controls are designed and operating effectively to protect the security, availability, and confidentiality of Geotab's systems and data. This rigorous, independent audit validates our commitment to data protection.
An undisputed leader in telematics security
Our Security Experts
Neil Cawse
Alan Cawse
Dirk Schlimm
Laurence Prystawski
Derek Saunders
Jason Perry
Geotab’s telematics security in action
Peruse our library of content resources to learn more about our data policies, how customers have achieved success with our platform and how we adhere to the highest telematics security standards available.
FAQs
Is my Geotab data truly mine?
Your data is yours to use as you see fit. Geotab will not dictate who it can be shared with or how it is used.
Who has access to my data within Geotab and what third-parties have access to it?
Geotab only accesses customer data for technical support and maintenance purposes, but access is restricted only to the specific personnel that need it. Data is never shared with third-parties. You determine the level of access your data has.
What level of data access do administrator or privilege accounts in MyGeotab have?
The specific permissions of these account types can be customized to your organization’s preferences, allowing you to determine different employee access levels.
Is Geotab compliant with the General Data Protection Regulation (GDPR) in Europe?
Yes. Geotab follows the guidelines in the GDPR, a data protection law implemented by the European Union (EU) in May of 2018.
Does Geotab conduct penetration tests?
Yes. Geotab conducts both regular penetration tests and vulnerability scans of all our servers and platforms. Our latest applications are also routinely provided to a number of external security researchers for independent examinations.
What security processes are in place around Geotab devices?
The cryptographic modules within Geotab devices are FIPS 140-3 validated. An industry standard AES-256 encryption algorithm also protects the communication channel between the secure Geotab Gateway server and device, helping prevent data interception and break-in attempts.
Does MyGeotab utilize multi-factor authentication?
Yes. Geotab uses two-factor authentication via a security assertion markup language (SAML) and single sign-on (SSO).
What company-wide security training and awareness measures does Geotab deploy?
All Geotab employees must take regular security awareness training and we employ a limited-authorization plan regarding internal data access. We also have a strictly defined internal process we follow in the unlikely event of a security incident, where the event is reported, communicated to affected parties, rectified and documented. Transparency is in our core values and we take every step possible to prevent security incidents from occurring.