Trust Center

Request SOC2 report here: SOC 2 Type II | Ultimo EAM software

Your data and process security are top priorities. We take various measures to set your mind at ease and ensure an uptime of 99.7% for Ultimo SaaS environments, as defined in our support policy.  Our cloud team communicates all maintenance or downtime updates via our status page.

The infrastructure is fully managed through Infrastructure as Code, eliminating manual actions and minimizing human error. To guard against web-based threats, we use ModSecurity, an advanced open-source Web Application Firewall integrated with NGINX, offering deep traffic inspection, real-time threat mitigation, and customizable security rules.

All customer files are securely stored on Azure Storage, protected with 256-bit AES encryption (FIPS 140-2 compliant), ensuring strong, transparent data protection similar to BitLocker encryption on Windows.

Security and quality are built into our agile software development process. Your business benefits from our continuous integration and continuous delivery (CI/CD), a DevOps best practice that ensures fast, secure, and reliable updates.

All code is developed and reviewed according to OWASP guidelines and continuously scanned for vulnerabilities, while automated and manual tests before every release guarantee stability. Static code analysis further monitors complexity and consistency, ensuring every update meets the highest standards for secure, dependable performance.

Ultimo applies strict measures to ensure strong authentication security and continuous protection through penetration testing. All user connections to Ultimo environments are secured via HTTPS with HSTS preloading, ensuring browsers always use encrypted connections.

Single Sign-On (SSO) is supported through Microsoft Entra ID, with options for SAML2 and OIDC integration for other identity providers, allowing customers to manage additional security controls such as multifactor authentication.

To maintain robust protection, external experts conduct annual penetration tests covering both the software and the hosting platform, with detailed results available upon request. These combined measures guarantee that user access and data remain secure at all times.

We are firmly committed to privacy, security, compliance and transparency. This commitment extends to supporting our customers in meeting UK, EU & US data protection requirements, including those outlined in GDPR, UK GDPR and CCPA.

At Ultimo, we are committed to safeguarding your personal data. We collect, process, and store information that is necessary to deliver and improve our services, and we do so in accordance with all applicable data protection laws, including the GDPR, CCPA, and other relevant regulations.

We believe in complete transparency. Our Privacy Policy clearly outlines what data we collect, why we collect it, and how it is used.

Your information is protected by strong technical and organisation measures including encryption, access controls, and regular security audits. We never sell your personal data to third parties.

We have designated a Data Protection Officer (DPO) responsible for overseeing our privacy practices. Regular internal reviews ensure we continuously meet evolving privacy standards and maintain customer trust.

Ultimo offers a robust suite of access controls and encryption tools to help customers safeguard their information effectively.

Based on the geolocation of our customers, we have various paired regions for hosting our EAM Software on the MS Azure Platform. Unless instructed otherwise by the customer, the geolocation of the main entity of the customer will be the hosting location (e.g. customer in EU, hosting in EU). MS Azure’s comprehensive security can be found here: Microsoft Trust Center Overview | Microsoft Trust Center.

At Ultimo, we integrate Privacy by Design and by Default into every stage of our development process. This means that privacy considerations are not an afterthought. They are embedded into the core of our products and services from the outset.

Ultimo uses Data Lifecycle Management to ensure only necessary personal data is collected and retained for the purpose of the collection in both it’s roll as data controller and data processor.

As a user of Ultimo EAM Software, you been given various features to be in control over your own data collection and retention. Ask your account manager for more information.

At Ultimo, sustainability is about responsibility, for people, society, the environment, and the trust our customers place in us. It’s embedded in how we work, make decisions, and deliver technology that supports a better future.

We believe in fair and ethical business conduct, respect for human rights, and equal opportunity for all. Acting with integrity, rejecting corruption or exploitation in any form, and fostering a safe, inclusive, and respectful workplace are fundamental to how we operate and collaborate with partners. These values are anchored in our Code of Conduct, which guides our everyday behavior and decision-making.

Strong governance underpins everything we do. We manage data, privacy, and security with the same care as we manage our business: responsibly, transparently, and in line with international standards. Every employee completes regular compliance and ethics training, ensuring that awareness and accountability remain part of our culture. Our approach ensures information is protected, risks are managed, and technology, including AI, is used with fairness and integrity.

Sustainability at Ultimo is not a project but a commitment. Through clear values, sound controls, and continuous improvement, we work to create lasting value for our customers, employees, and communities, whilst maintaining the highest standards of trust, responsibility, and ethical conduct.

We believe in the power of AI to support smarter, more efficient maintenance and asset management. That’s why all AI-driven features are developed and deployed in line with our internal ethical AI policies. These guardrails ensure our use of AI remains transparent, responsible, and low risk, always enhancing the user experience without compromising security or control.