What Remix’s SOC 2 Compliance Means for You


Remix’s fully-integrated pipelines and dedicated data team support over 3,000 datasets to date which empowers planners by providing a single platform that shows the complete, multi-modal transportation picture.

Planners rely on data. Whether for service planning, equity analysis, or grant writing, using big datasets is an inextricable part of a planner’s role. At Remix, we work hard to help you visualize and analyze your data, from publicly available demographic data to proprietary data from third-party providers. Remix’s fully-integrated pipelines and dedicated data team support over 3,000 datasets to date, empowering planners by providing a single platform for the complete, multi-modal transportation picture.

Now Remix is proud to announce that we are SOC 2 compliant, which means even more reliable security for all your transportation data.

Why Data Security Matters

Remix users often have to handle sensitive data in order to manage, plan, and measure community impact. Effective transportation planning requires access to information like ridership, origin-destination data, collisions, and micromobility data which can contain personally identifiable information. We know how important your data is to public service and community trust, so we make cybersecurity our priority.

Remix stores all sensitive data in an isolated and secured partner data account. We monitor all of our software for vulnerabilities and regularly update our software and operating systems to keep your information safe.

About SOC 2 Compliance

SOC 2 stands for Service Organization Control 2, an IT security auditing program from the American Institute of Certified Public Accountants (AICPA). It evaluates the systems that an organization uses to process user data and determines whether security protocols are strong enough to protect that data.

A SOC 2 compliant organization is one that’s been determined to have appropriate protocols in place to safeguard the security, availability, integrity, and confidentiality of user data. It’s an important credential for any platform that processes and stores sensitive data.

The Compliance Process

To receive the SOC 2 compliance credential, an organization has to pass one of two types of SOC audits. Type 1 looks at the company's security practices as a snapshot in time, while Type 2 reviews practices over a longer period. Because Type 2 is longer-term, it offers a higher level of assurance to users. Remix is Type 2 compliant. 

Both audit types compare the organization’s security controls against the AICPA Assurance Services Executive Committee’s Trust Services Criteria, which fall into five broad categories:

  1. Security: The system is protected against unauthorized access. Security controls prevent system abuse, data theft, and improper disclosure.
  2. Availability: Security is in place so that users can access the system as expected. Criteria include network performance monitoring and incident response.
  3. Processing integrity: The system can process information completely and accurately, and deliver it uncorrupted in a timely fashion. To do so, the organization needs to monitor data processing and have active quality assurance protocols.
  4. Confidentiality: The organization protects all user information that has restricted access and disclosure. Compliance requires protections like network firewalls, data encryption, and access control.
  5. Privacy: The system collects and processes any personally identifiable information (PII) in a way that prevents unauthorized access. All processing of PII has to align with the organization’s privacy notice and the AICPA’s Generally Accepted Privacy Principles.

When an organization’s protocols meet AICPA’s strict compliance standard, that company is deemed SOC 2 compliant.

Why SOC 2 Compliance Matters

SOC 2 compliance confirms that effective security protocols and procedures are in place across company’s systems. It’s both a technical certification and an assurance that the company cares enough about customer data to follow best practices and invest in higher-level protections.

SOC 2 compliance also guarantees that an organization will continually monitor user data and alert users in the case of breached systems or compromised data. You don't have to worry about ensuring your data security—as an SOC 2 compliant company, Remix does that for you.

SOC 2 Certification Lets You Work Without Worry

We know the importance of data security in transportation planning, and we want all of our customers to feel comfortable entrusting us with sensitive information. Remix is proud to have earned Type 2 SOC 2 compliance certification, which guarantees a high level of security and reliability for our users. You can learn more about Remix’s data practices here.