Compliance & Data Protection

Security, Compliance & Privacy

IoT-specific cybersecurity framework with device authentication, network segmentation, encryption, privacy impact assessment, and facial recognition prohibition — built into the platform from day one, not bolted on after deployment.

Canadian Municipal Compliance

Municipal & Provincial Regulations

Purpose-built for Canadian municipalities, with full alignment to federal, provincial, and municipal legislation governing public-sector data management.

Ontario

Privacy impact assessment required before every sensor deployment. Data minimization enforcement — collect only what is necessary. Purpose limitation per sensor type. Immutable audit trail for every data access. Retention and disposal per municipal policy. Public access to environmental monitoring data through open data portal.

Federal

Consent management for sensor deployments that may capture personal information. Breach notification workflow meeting PIPEDA timelines. Data minimization at the sensor level — anonymized traffic counting, decibel-only noise monitoring, ambient air quality measurements. No facial recognition without council approval.

Ontario

WCAG 2.1 AA compliance for the unified command centre and all operator interfaces. Full keyboard navigation, screen reader compatibility (JAWS, NVDA, VoiceOver), 4.5:1 color contrast ratios. Parking availability published in accessible formats for accessible parking space monitoring.

Ontario

Platform supports municipal service delivery obligations — water distribution, road maintenance, waste collection, environmental monitoring, by-law enforcement. Data governance aligned with municipal records retention requirements. Council reporting capabilities for infrastructure performance.

Ontario

Water quality monitoring against Ontario Drinking Water Quality Standards (O.Reg. 169/03). Continuous sensor data for chlorine residual, turbidity, pH, temperature. Alert-to-regulatory-report workflows for adverse water quality incidents. Supports operating authority compliance obligations.

Ontario

Continuous environmental monitoring supporting Environmental Compliance Approval requirements. Outfall water quality monitoring for stormwater discharge conditions. Air quality data supporting provincial environmental assessment processes. Noise monitoring against NPC-300 guidelines.

Ontario

Traffic counting, speed data, and intersection performance monitoring supporting traffic by-law enforcement, speed limit reviews, and school zone safety analysis. Data collection methods comply with HTA requirements for traffic studies used in regulatory decisions.

Compliance is not a feature we bolted on after launch — it is the architectural foundation every line of code is written against. Canadian municipalities deserve a platform that treats their legislative obligations as first-class requirements.

Civic Engineering · Platform Architecture Team

Regulatory Compliance

Industry Frameworks

Beyond municipal legislation, the platform satisfies internationally recognized compliance frameworks.

IoT cybersecurity framework aligned with NIST's IoT device security guidance. Device identification, configuration, data protection, logical access, software update, and cybersecurity state awareness capabilities implemented across the platform.

  • Device identification and inventory
  • Device configuration and hardening
  • Data protection (encryption at rest and in transit)
  • Logical access control (authentication, authorization)
  • Software update and vulnerability management
  • Cybersecurity state awareness and monitoring

Aligned with CSA (ITU-T) security capabilities for IoT — communication security, data management security, service security, integration security, and mutual authentication between IoT devices and the platform.

  • Communication security (TLS 1.3, DTLS)
  • Data management security (encryption, integrity)
  • Service provision security (access control, audit)
  • Integration security (API authentication, rate limiting)
  • Mutual authentication between devices and platform

Annual third-party audit of platform security controls against AICPA Trust Services Criteria. Covers infrastructure security, availability, processing integrity, confidentiality, and privacy for the IoT platform and data processing pipeline.

  • Security — Logical and physical access controls
  • Availability — System monitoring and incident response
  • Processing integrity — Data validation and error handling
  • Confidentiality — Encryption and access restrictions
  • Privacy — PIA enforcement and data minimization

Canadian-hosted data centres holding ISO 27001 certification for information security management systems. Physical security, environmental controls, access management, and business continuity for hosting IoT platform infrastructure.

  • Information security policies and organization
  • Asset management and access control
  • Physical and environmental security
  • Operations security and communications security
  • Business continuity management

Data Sovereignty

Canadian Data Sovereignty

All IoT sensor data — telemetry, alerts, device metadata, user activity, analytics, ML models, and audit logs — stored and processed exclusively in Canadian data centres. No cross-border data transfers. Data sovereignty contractually guaranteed.

  • DC-Primary: Ontario, Tier IV
  • DC-DR: Québec, Tier III+

  • Hosting: Canadian Only
  • Centres: 3 Redundant
  • Encryption: AES-256
  • Sovereignty: PIPEDA / MFIPPA

Platform Security

Security Capabilities

Auditability

Audit Trail Features

Every action is logged, timestamped, and immutable — providing the complete audit trail required by provincial legislation and municipal accountability standards.

Layer 01

Device provisioning audit trail — every registration, configuration change, credential deployment, and decommissioning recorded with timestamp, operator, and before/after values

Layer 02

Firmware update history — per-device version tracking, approval chain, rollout group, health check result, and rollback events

Layer 03

Data access logging — every API call, dashboard access, data export, and report generation logged with user, action, scope, and source IP

Layer 04

Alert response tracking — generation, severity, routing, acknowledgement, escalation, resolution, and time-to-respond metrics

Layer 05

Network segmentation verification — annual documented verification of IoT network isolation controls with firewall audit and penetration test results

Layer 06

Privacy impact assessment registry — complete PIA registry linked to devices with status tracking (draft, review, approved, expired)

Layer 07

Vulnerability management log — all identified vulnerabilities tracked with severity, affected devices, remediation plan, and patch deployment dates

Layer 08

Security incident register — chronological record of incidents with detection, classification, response, root cause analysis, and preventive measures