At ATS Software, protecting our customers’ data is at the heart of what we do. As our software suite of solutions continues to power the AEC industry, ensuring our systems remain secure and compliant has become a strategic priority. That’s why we set out to achieve SOC 2 Type II compliance, and we’re proud to announce we’ve done it.
Achieving SOC 2 Type II compliance confirms that ATS Software’s core systems and controls, including data security, access management, and operational processes within the ATS Software environment, were independently verified under the Security trust criterion.
Working closely with Johanson Group LLP, ATS Software underwent a comprehensive review of internal controls covering data security, change management, access logs, and system reliability. This milestone strengthens trust among our clients and partners across North America, assuring them that their data and specifications are handled with the highest degree of confidentiality and integrity.
1. What SOC 2 Means for ATS Software Users in the AEC Ecosystem
In today’s connected design and construction environment, data flows continuously between manufacturers, engineers, architects, stakeholders and end users. Product specifications, drawings, and project information often move through multiple platforms before a building even breaks ground.
SOC 2 Type II compliance, developed by the American Institute of Certified Public Accountants (AICPA), is the gold standard for verifying that a technology company manages customer data securely. It evaluates an organization’s controls across five “trust service” criteria: security, availability, processing integrity, confidentiality, and privacy.
For our users and manufacturers, this certification means that when they log in to any of our software solutions within the ATS Network, their information is protected by enterprise-grade safeguards and continuously monitored systems. It’s not just a badge; it’s a formal assurance that ATS Software has the people, processes, and technology in place to protect every file, every piece of digital information, and every user interaction within the ecosystem.
2. Building Security Into the Core of ATS Software
Earning SOC 2 Type II compliance required more than passing an audit; it required embedding data protection into our culture and development process. Over the past year, ATS has enhanced its internal governance and technology frameworks to ensure security is not an afterthought but a foundation.
- Access Control: Every ATS Software platform now operates under a “least-privilege” model. This means employees and systems can only access the information essential to their role or function. Multi-factor authentication (MFA), encrypted credentials, and strict role-based permissions are enforced across environments.
- Data Management: Sensitive data is encrypted both in transit and at rest. Regular data classification reviews ensure that information is handled according to its sensitivity level, and secure APIs protect data transfers between ATS platforms and partner systems.
- Security Reviews & Change Management: All code deployments pass through controlled review gates and automated vulnerability scanning before release. Security and compliance teams conduct quarterly risk assessments, while third-party penetration tests verify that our defences remain robust and adaptable to new threats.
These internal frameworks don’t just meet compliance; they elevate operational resilience and reliability for every customer and partner that depends on ATS Software.
3. The Road Ahead: Continuous Improvement and Transparency
Security is not a one-time achievement; it’s an ongoing commitment. With our SOC 2 Type II certification complete, ATS Software is moving forward with a continuous monitoring strategy to sustain and strengthen our security posture.
- Continuous Monitoring: We’ve implemented regular vulnerability scanning, automated alerts, and logging to detect and respond to any anomalies across infrastructure and application layers.
- Annual SOC 2 Audits: ATS will maintain yearly third-party reviews to ensure our systems remain aligned with evolving AICPA standards and industry best practices.
- Enhanced Integrations: Security updates will continue to roll out across all ATS platforms, integrating deeper encryption, single sign-on (SSO) authentication, and proactive compliance dashboards for manufacturers and design professionals.
Through these initiatives, we reaffirm our mission: to empower the AEC industry with intelligent, secure, and trusted digital solutions that make specifying, quoting, and collaboration easier and safer than ever before.
Our commitment to security is an extension of our commitment to you. SOC 2 Type II certification represents the trust we’ve built together and the standard we’ll continue to uphold.
Share this article
