Compliance & Data Protection

Security & Compliance

Enterprise security and regulatory compliance for Utility Billing

Canadian Municipal Compliance

Municipal & Provincial Regulations

Purpose-built for Canadian municipalities, with full alignment to federal, provincial, and municipal legislation governing public-sector data management.

Ontario / Canada

Full compliance with Ontario's Safe Drinking Water Act and associated regulations (O.Reg. 170/03). Water quality assurance tracking, distribution system reporting, and consumption documentation support municipal drinking water licence requirements.

Ontario / Canada

Utility billing, penalty, discount, and collections processes align with Municipal Act authority for imposing and collecting utility charges. Arrears-to-tax-roll transfer per s.398 fully automated with audit trail for bylaw compliance.

Ontario / Canada

Customer personally identifiable information (name, address, account number, consumption data, payment history) protected per MFIPPA requirements. Role-based access control ensures only authorized personnel access customer data. Retention policies configurable per municipal records retention bylaws.

Ontario / Canada

Customer data collection, storage, use, and disclosure aligned with PIPEDA principles. Consent management for electronic communications (e-billing, conservation alerts). Data minimization — only information required for service delivery collected. Customer right-of-access supported.

Ontario / Canada

Online and counter payment processing meets PCI-DSS Level 1 compliance. Payment gateway tokenization — no card numbers stored in the utility billing system. Pre-authorized debit (PAD) processing compliant with CPA Rule H1. Payment data encrypted in transit (TLS 1.3) and at rest (AES-256).

Ontario / Canada

Pre-authorized debit (PAD) processing fully compliant with CPA Rule H1. Customer PAD agreement management with required notice periods, confirmation receipts, and cancellation processing. PAD file generation, bank reconciliation, and return handling per CPA specifications.

Ontario / Canada

Customer Self-Service Portal meets WCAG 2.1 AA standards per AODA requirements. Screen reader optimization for bill presentment, account management, and payment processing. Large-print bill formats available. Accessible design across all customer-facing interfaces.

7 Compliant · 0 Aligned · 7 Shown

Compliance is not a feature we bolted on after launch — it is the architectural foundation every line of code is written against. Canadian municipalities deserve a platform that treats their legislative obligations as first-class requirements.

Civic Engineering · Platform Architecture Team

Regulatory Compliance

Industry Frameworks

Beyond municipal legislation, the platform satisfies internationally recognized compliance frameworks.

Annual audit of security controls including access management, data protection, and operational monitoring. Customer billing data, payment information, and consumption records protected under trust service criteria.

  • Access management
  • Data protection
  • Operational monitoring
  • Trust service criteria

Information security management system certification covering utility billing operations, AMI data ingestion, payment processing, and customer portal security controls.

  • Billing operations security
  • AMI data ingestion
  • Payment processing
  • Customer portal security

Payment processing infrastructure meets the highest PCI-DSS certification level. Tokenized payment flows, encrypted PAD processing, and zero card-data storage within the utility billing environment.

  • Tokenized payment flows
  • Encrypted PAD processing
  • Zero card-data storage
  • Secure payment infrastructure

Implementation Group 2 alignment for municipal infrastructure protection. Hardened configurations, vulnerability management, protective monitoring, and incident response aligned with CIS benchmark standards.

  • Hardened configurations
  • Vulnerability management
  • Protective monitoring
  • Incident response

Data Sovereignty

Canadian-Sovereign Data Residency

All customer data, consumption records, and payment information remain within Canadian data centres. Municipal data sovereignty maintained for MFIPPA compliance and citizen trust. No cross-border data flows without explicit municipal authorization.

  • DC-Primary: Ontario, Tier IV
  • DC-DR: Québec, Tier III+

  • Hosting: Canadian Only
  • Centres: 3 Redundant
  • Encryption: AES-256
  • Sovereignty: PIPEDA / MFIPPA

Platform Security

Security Capabilities

Auditability

Audit Trail Features

Every action is logged, timestamped, and immutable — providing the complete audit trail required by provincial legislation and municipal accountability standards.

Layer 01

Billing Operation Audit — Every billing cycle: bill generation, adjustments, estimates, re-bills

Layer 02

Payment Transaction Audit — All payment activities logged: receipts, refunds, NSF returns, PAD pro

Layer 03

Meter & Read Audit — Meter registry changes (installation, changeout, retirement, testing)

Layer 04

Customer Data Access Log — Every access to customer PII logged: who accessed which customer recor

Layer 05

Rate Configuration Audit — Rate structure changes, effective dates, approval references, and byla

Layer 06

Financial Integration Audit — GL posting, cash receipts, revenue journal entries, and arrears-to-tax

Layer 07

System Configuration Audit — Changes to billing parameters, penalty rates, notice templates, integr

Layer 08

Data Export & Report Audit — All bulk data exports, report generation, and customer data extraction