Higher Elevation Software has completed a SOC 2® Type I examination for the EHS-Dashboard™. Conducted by an independent CPA in accordance with AICPA attestation standards. The examination evaluated the design of our security controls. It resulted in an unqualified opinion about our successful EHS software’s SOC 2 compliance with no examination exceptions noted. Organizations that depend on the EHS-Dashboard to manage incident reports, OSHA submissions, audit records, and employee safety information, now have documented, independent assurance that the platform protecting your data has been built on a foundation of verified security controls.
This post explains what the examination covered, why we pursued it, and what the results mean for current and prospective users of the EHS-Dashboard.
System and Organization Controls (SOC) is a framework governed by the American Institute of Certified Public Accountants (AICPA). In a SOC 2 examination, an independent CPA firm reviews a service organization’s policies, procedures, and controls to determine whether they’re suitably designed to protect customer data.
A SOC 2 Type I examination evaluates whether controls are suitably designed as of a specific date. The completed examination confirms that Higher Elevation Software’s security controls protecting the EHS-Dashboard were suitably designed as of April 16, 2026.
It’s worth noting that, in a SOC 2 examination, an independent auditor gathers evidence, evaluates the design of controls, and renders a formal opinion. That means that the examination assesses how your data is actually protected, not just what’s written in a policy document.
Environmental, health, and safety program managers work with a wide range of sensitive data every day. When you centralize that information in an EHS platform, you’re trusting the provider behind that platform to protect it with the same rigor you bring to protecting your workforce. Because you can't afford for this data to be compromised, you can’t house it in a system without verified protections.
As cybersecurity threats continue to grow and data breaches become more frequent, it’s reasonable and increasingly expected for EHS software partners not only to claim that they’ve put the right controls in place, but to offer proof.
A SOC 2 examination provides independent, third-party validation that the systems handling your data are built on verified security controls. An EHS software SOC 2 compliance report offers documented assurance that EHS Managers and Directors can share with internal stakeholders, IT security teams, third-party auditors, and leadership.
In many organizations, completing a vendor security review is a prerequisite before any new software can be adopted. A SOC 2 report helps clear that hurdle while giving you confidence that the tool your team relies on meets a recognized standard for data protection.
Higher Elevation Software's SOC 2 Type I examination was conducted by Advantage Partners, an independent CPA firm, in accordance with AICPA attestation standards. The examination evaluated the design of controls relevant to the EHS-Dashboard against the AICPA’s Trust Services Criteria for Security. This is the foundational criterion that addresses whether systems and data are protected against unauthorized access.
The auditor reached their conclusion after examining controls across every major area of our security program:
Access Controls and Logical Security: The EHS-Dashboard enforces role-based access controls, multi-factor authentication for production systems, unique authentication credentials, and quarterly access reviews to ensure least-privilege access. Production systems are accessible only through approved encrypted connections.
Encryption: Customer data is encrypted at rest within our datastores and in transit using secure data transmission protocols. Access to encryption keys is restricted to authorized personnel with a documented business need.
Change Management: All changes to software and infrastructure are authorized, documented, tested, reviewed, and approved before reaching the production environment. Development and testing occur in environments logically separated from production, with version control maintaining a full history and rollback capability.
Vulnerability Management: Host-based vulnerability scans run at least quarterly against all external-facing systems, with critical and high vulnerabilities tracked to remediation. An intrusion detection system provides continuous network monitoring and early detection of potential security events.
Incident Response: We maintain a formal incident response plan that is tested at least annually. Security incidents are logged, tracked, and communicated to affected parties according to documented procedures.
Vendor and Infrastructure Management: The EHS-Dashboard is hosted on Google Cloud Platform with Vercel supporting our deployment infrastructure. We maintain a vendor management program that includes annual reviews of critical third-party providers, written agreements with confidentiality and privacy commitments, and regular review of subservice organization attestation reports.
Risk Assessment and Business Continuity: We conduct formal risk assessments at least annually and maintain a documented business continuity and disaster recovery plan that is tested regularly.
The result of the examination was an unqualified opinion with no exceptions noted. In audit terms, that’s the most favorable outcome a SOC examination can produce. It means that Advantage Partners found our security controls were suitably designed to protect the EHS-Dashboard and the customer data it handles.
Higher Elevation Software was founded by a team of EHS practitioners and software engineers who lived the problem before they built the solution. That firsthand experience means that we know the data EHS teams manage is among the most sensitive in any organization. It touches employee safety, regulatory standing, legal exposure, and organizational reputation — sometimes all at once.
From the beginning, we’ve prioritized security as we’ve built and operated the EHS-Dashboard. As our customer base has grown across construction, manufacturing, oil and gas, BioPharma, healthcare, and other high-stakes industries, we've come to recognize that our users need more than promises about data security. They want and deserve independent validation from a qualified third party.
We ask EHS teams to trust us with their most critical data, and we’re willing to prove that trust is well-placed. Completing the SOC 2 examination was a natural extension of our commitment to helping you go beyond compliance. This wasn’t a checkbox exercise. It was a deliberate investment in our security posture and in the confidence our customers can place in the EHS-Dashboard as the centralized platform where their safety, compliance, and sustainability data lives.
The completed SOC 2 Type I examination delivers concrete, practical value for current and prospective users of the EHS-Dashboard.
Documented Assurance for Vendor Reviews: If your organization requires SOC 2 reports as part of its vendor risk management process, we can now provide that documentation. This helps streamline procurement, IT security reviews, and internal approvals for teams evaluating or already using the EHS-Dashboard.
Confidence in Data Protection: The unqualified opinion with no exceptions confirms that the security controls protecting your incident data, audit records, regulatory compliance documentation, and employee safety information were independently examined and found to be suitably designed.
More Supported Compliance Posture: Many EHS teams operate within organizations that carry their own regulatory and governance obligations. Knowing that your EHS software provider has completed a SOC 2 examination can strengthen your organization’s broader risk management and compliance position and give you documentation to back it up.
Committed EHS Technology Partner: Higher Elevation Software has always been built by people who understand EHS work from the inside. We know what it means to manage sensitive data under regulatory pressure with limited staff and tight timelines. This examination is proof that we hold ourselves to the same accountability we help our customers achieve. We don’t just offer software that tracks compliance. We prioritize the protection of your data at every level.
At Higher Elevation Software, we’re a team of EHS practitioners and software engineers who understand that the data you trust us with matters, and who treat its protection as a responsibility, not a feature. You can learn more about our security practices, policies, and certifications at our Trust Center.
If you’re evaluating EHS software, you probably have questions about data security. We’d welcome the conversation. Schedule a demo to see how the EHS-Dashboard works, or request a free trial to start experiencing the platform for yourself.
SOC 2 (System and Organization Controls 2) is a framework developed by the AICPA that evaluates a service organization’s controls related to security, availability, processing integrity, confidentiality, and privacy. In a SOC 2 examination, an independent CPA reviews evidence and evaluates controls to render a formal opinion about their design.
The EHS-Dashboard SOC 2 Type I examination evaluated controls against the AICPA’s Trust Services Criteria for Security. Security is the foundational SOC 2 criterion and addresses whether the system is protected against unauthorized access. It covers logical access controls, encryption, change management, vulnerability management, incident response, and more.
Yes. If you’re a current customer or are evaluating the EHS-Dashboard for your organization, contact our team to request access. The report is shared under the restricted-use provisions outlined by the auditor.
Yes. We’re committed to ongoing EHS software SOC 2 compliance examinations, including pursuing a Type II examination that will validate the operating effectiveness of our controls over time. Security is a continuous discipline, and we intend to maintain and strengthen this level of independent validation as our platform and customer base grow.