Sollum Platform and Systems Security Overview

Sollum offers its solution in a SaaS-managed model as an annual subscription with on-premises and web-based security login. The portal application and all data at rest are hosted both on client premises and within SSAE18-certified Tier-3 data centers located in Canada. Production systems are configured for high availability and scalability with active 24/7 monitoring. We have a dedicated online operations team that can be reached 24/7 through the Technical Emergency Hotline. Employees’ personal data and horticulture production data are among the most valuable assets our clients have. In addition to data, the protection of the integrity of our clients’ production operations is of foremost importance to us. The agri-food supply chain is a critical national infrastructure sector and can be the target of cyber threats and agro-terrorism: that is why our top priority is delivering a comprehensive, high-performance solution with a focus on keeping our customers’ data safe, their interactions secure, and their businesses protected.

GOVERNANCE

Sollum’s operations are governed by a formal Governance, Risk and Compliance (GRC) Information Security program, with documented Information Security and Privacy policies. Our security guidance is aligned with the CSA Cloud Controls Matrix, a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management.

POLICIES

We have Information Security policies in place that cover the following areas: Compliance, User Training, Personnel Screening, Code of Conduct, Logical Access, Network Security, Incident Response Handling, Information Systems Development and Maintenance, Information Governance, Information Exchange, Encryption Management, Audits & Reviews and Hosting Security. Information Security policies are formally acknowledged by employees and key suppliers, and training is provided yearly. Regular assessment reviews of our suppliers’ Information Security posture are conducted and documented.

PHYSICAL SECURITY

Sollum’s cloud operations are hosted at SSAE 18 / ISAE 3402 Type II compliant facilities. These facilities feature multiple layers of physical security with tightly controlled access. Multiple physical security layers are enforced to protect data center floors, including biometric identification, metal detection, cameras, vehicle barriers, and intrusion detection systems. The facilities are powered by redundant power and backup generators.

NETWORK SECURITY

Our cloud infrastructure operates within fully isolated secure private virtual clouds configured using explicit traffic-deny firewalling policy, private network anti-spoofing protection, and defense against Layer 4 attacks, such as SYN floods, IP fragment floods and port exhaustion. Our facilities implement application-level firewalls with deep packet inspection of encrypted and non-encrypted traffic for defending against malware, exploits, and malicious websites, and federated coordination for dealing with unknown sophisticated attacks. Appropriate logs and automatic alerts are maintained on all network systems. All systems, networked devices, and circuits are constantly monitored.


TRANSMISSION SECURITY

All sensitive communications with Sollum servers and lighting systems are encrypted using industry-standard encryption such as Transport Layer Security (TLS) and S-DES. VPN connections are granted only on an as-needed basis.

ACCESS CONTROL

All access to data within Sollum is governed by access rights and authenticated by multi-factor authentication and strong username and password requirements. Our security architecture ensures a need-to-know segregation of customer data. Sollum’s online operations team, as well as specific members of our development team, are the only individuals with access to Sollum’s servers and production databases. Other Sollum employees do not have access to Sollum’s production servers.

APPLICATION SECURITY

Sollum’s SaaS platform follows industry best practices for secure credential storage by storing hashed and salted passwords. Sollum’s SaaS platform supports task-based granular access privileges and configurable authentication settings. Sollum’s SaaS platform maintains a robust application audit log that includes security events such as user logins or configuration changes. Threat modeling is integrated into the development lifecycle, and coding practices follow OWASP security best practices. HTTPS with Secure Sockets Layer (SSL) is fully enabled for all users at all times.

IoT SECURITY

Sollum IoT security guidance is aligned with UL MCV 1376, a framework that focuses primarily on device-centric security capabilities. UL MCV 1376 is a baseline-driven security verification framework that groups sets of industry-referenced security best practices in the following areas: Process & Documentation, Communication Security, System Management, Logical Security, Data & Cryptography and Software Update. UL MCV 1376 references and/or maps to various industry-leading security frameworks, such as EN 303 645, NISTIR 8259A and the CSDE C2 Consensus Report.

DATA SECURITY

Archived data and backups are treated with the same level of care as active data. Access to backups and to the restoration process is restricted. We maintain disposition processes for records and media. Hard-copy media, such as paper, are shredded and/or destroyed beyond reconstruction. All data storage is properly sanitized before destruction or redeployment.

INCIDENT MANAGEMENT

We maintain a process that enforces notification to the affected customer within twenty-four (24) hours of an incident related to the security of information that likely or effectively resulted in wrongful access to data. Security incidents include the following: unauthorized physical access or breach, unauthorized logical access or breach, malware, DoS, breach of confidentiality, and systems access by an employee or contractor who lacks appropriate clearance for such access or who otherwise uses the systems inappropriately. Clients will be notified of the approximate date and time of the incident. They will also be provided with a summary of all relevant facts as well as of actions taken to rectify the processes and any negative impact from the incident.

BUSINESS CONTINUITY

We maintain a plan that addresses the recovery of all areas of the business, with minimal impact on customers, in case of a significant disaster or contingency situation. The plan aims at enabling business continuity in situations such as a loss of access to our head offices, loss of our primary data center or epidemic outbreak.

PRIVACY

Sollum’s privacy policy is published on its website. The policy identifies the information gathered, how it is used, with whom it is shared, and the customer’s ability to control the dissemination of information.

To deliver its services, Sollum must collect certain user information, such as email address and account-level passwords for accessing Sollum’s SaaS platform. Unless expressly authorized, Sollum will not disclose this confidential information to any third party or use this information in any manner other than to deliver the agreed-upon services. With its users’ express consent, Sollum sends service update messages to its users at the email addresses they provided when requesting the service.

Sollum uses cookies and session storage on its customers’ visitors’ browsers as well as on SaaS portal end-users’ browsers. Cookies and session storage items may at times hold a generated unique number but never contain any personally identifiable information or sensitive information such as passwords. Deleting cookies will not be detrimental to the user experience of visitors, respondents, end-users, or the proper working of Sollum products. We provide detailed and transparent documentation about how cookies and session storage are used.

CONTACT US

We welcome any further questions, are happy to provide clarifications when needed, and are open to audits by our customers. Please contact secure@sollum.com for more information.


LAST UPDATED: July 3rd, 2025