Vehicle connectivity is at the heart of automotive innovation across all kinds of use cases today — whether that’s balancing the grid, powering predictive maintenance, scaling EV charging infrastructure, and more. Connected car data allows drivers, mobility businesses, and automakers to collectively work toward engaging and accessible transportation solutions. By achieving ISO 27001 and ISO 27701, Smartcar continues to prioritize providing a secure, audited environment to build the future of connected mobility.
Our 2023 State of Connected Car Apps report uncovered that drivers are eager to personalize their automobility experiences with telematics-powered apps and services. But this openness is rooted in consumer demands for data transparency.
Since the early days of Smartcar, we’ve been clear about our stance as an automotive developer platform—not a data marketplace. We summarized some common questions about the matter in a blog post from five years ago:
"Can you send us a car's location or odometer if we provide a VIN?" - No.
"Does Smartcar sell bulk vehicle data sets?" - No.
"How about anonymous data sets, are those for sale?" - No.
Nothing about this has changed. In fact, we’ve only become more committed to helping the automotive industry implement vehicle data consent management and confidently champion drivers.
With Smartcar’s ISO 27001 and ISO 27701 certifications, we’re proud to give our customers a platform with internationally recognized standards for organizational security and privacy protection.
What is ISO 27001 and ISO 27701?
The International Organization for Standardization (ISO) brings together experts from over 160 countries to develop international standards for a range of services and processes. ISO 27001 and ISO 27701 are data security and privacy standards certifying that Smartcar operates with established best practices for handling customer data and complying with data regulations.
ISO/IEC 27001
ISO/IEC 27001 is the best-known international standard for information security management systems (ISMS), defining requirements that our platform’s ISMS must meet. This certification ensures that Smartcar has implemented and maintained a system that effectively manages information security risk in accordance with ISO principles. This standard also equips the organization with best practices that enable the continuous improvement of our ISMS.
ISO/IEC 27701
ISO/IEC 27701 builds on the standards defined in ISO/IEC 27001 with an emphasis on data privacy. This standard strengthens Smartcar’s ISMS with additional requirements to establish, implement, maintain, and continually improve our Privacy Information Management System (PIMS). With ISO/IEC 27701 compliance, Smartcar demonstrates a commitment to protecting personally identifiable information (PII) and complying with international privacy regulations like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).
Why does ISO compliance matter to Smartcar customers?
To achieve our ISO certifications, Smartcar’s information security management system (ISMS) was thoroughly evaluated by an independent auditing firm, Prescient Security.
Smartcar customers can have peace of mind building secure API integrations with a trusted and credible software partner. We empower businesses to build and scale solutions that give vehicle owners data transparency and choice, providing customers a developer platform with:
- A systematic approach to collecting user consent, managing API tokens, and implementing security measures at every level of the network stack.
- A proactive commitment to strengthening data handling practices and meeting industry-standard regulations across North America and Europe.
- A standardized framework to monitor and implement data security improvements consistently and efficiently as our platform scales.
Beyond ISO compliance: Our data privacy measures
Smartcar is a trusted partner of choice for mobility businesses across sectors, including utilities, state government departments, and enterprises with strict security and reliability requirements. We’re committed to going above and beyond simply building connected car integration by empowering customers with tools to prevent security risks and network vulnerabilities.
As the connected car ecosystem continues to evolve, we’re prepared to help mobility businesses uphold the highest standard of data security and privacy. With Smartcar’s ISO compliance and the measures listed below, we’re excited to unlock more value from connected car data through transparent and consent-driven policies.
🔖 Read more about Smartcar’s security and compliance measures:
- SOC 2 Type 2 certification: Our SOC 2 Type 2 examination was conducted by an independent, third-party accounting and auditing firm to evaluate our processes, procedures, and controls for security and availability.
- General Data Protection Regulation (GDPR): Smartcar is fully GDPR compliant, successfully demonstrating adherence to GDPR’s substantial standards for data protection, privacy, and security for our customers, employees, and partners.
- Annual Penetration Testing: Smartcar has partnered with independent security firms to conduct an annual penetration test to stimulate cyberattacks performed by verified cybersecurity professionals.
- Vulnerability Disclosure Policy (VDP): Smartcar operates a Vulnerability Disclosure Program to allow good-faith security researchers to easily and safely disclose findings.