Umbrella Security Statement

Security and Availability

 

Umbrella values our customers’ privacy and is committed to ensuring that our services are secure, available and reliable. We know that you trust us to protect your information and it is extremely important to us that security is a priority. Our organization is well-staffed and adheres to carefully controlled workflows that ensure that all business is executed based on established security guidelines.

If you have discovered a security issue in Umbrella’s product, please report it to: [email protected]

 

Secure Development

 

We are committed to ensuring best practices for protection and use of customer data. The Umbrella architecture is designed around the goals of redundancy, security, and availability.

Our security design relies on industry best practices such as encrypted transmissions, cross-site scripting prevention, firewalls, regular security updates, security scans, and vulnerability assessments to ensure the security of your data.

Umbrella Security StatementUmbrella Security Statement

 

ISO/IEC 27001 Certification

 

The ISO 27000s family of standards helps organizations like Umbrella to keep information assets secure. ISO/IEC 27001 is the best-known standard and provides strict and detailed requirements for a company’s Information Security Management System (ISMS).  

The Information Security Management  System of Umbrella Ltd. has been assessed and complies with the requirements of ISO/IEC 27001:2013 (Certificate).

With ISO/IEC 27001 certification:

  • Umbrella can most effectively manage asset security (e.g. financial information, intellectual property, employee details or information from third parties)
  • Umbrella customers and stakeholders know with full confidence how we approach risk management and control information
  • Umbrella maintains the requirements for implementing and maintaining the security of information
Umbrella Security Statement

*Please note: the Umbrella certificate will be updated in May 2025.

 

SOC 1 Type II and SOC 2 Type II compliance

 

These certifications, conducted by Ernst & Young (EY), reinforce Umbrella’s commitment to the highest standards of operational integrity, data security, and financial transparency for enterprise and MSP customers.

These independent audits validate Umbrella’s internal controls and processes, ensuring that customer cloud financial data is managed with the utmost rigor and accountability. As cloud infrastructure continues to scale, ensuring that systems and workflows meet recognized global standards is critical.

The certifications reflect the result of hundreds of hours dedicated to meticulous planning, continuous monitoring, and process refinement—underscoring Umbrella’s ongoing commitment to meeting the rigorous standards established by the AICPA.

  • SOC 1 Type II confirms that Umbrella’s internal controls over financial reporting (ICFR) are effective, giving our customers and auditors confidence that their cloud cost data is accurate, complete, and well-managed.
  • SOC 2 Type II verifies that our platform meets rigorous security, availability, and confidentiality standards over time, which results in customer data being protected and securely handled.
Umbrella Security Statement