White paper

v2.0 - 15/11/2023

Introduction

This paper outlines UMA’s approach to security and compliance for UMA Cloud, UMA Products and UMA Services. It focuses on security, including details of the organizational and technical controls UMA uses to protect your data.

UMA Security

ISO 27001 Accreditation and Compliance

UMA is proud to announce that we are ISO 27001 accredited, demonstrating our commitment to the highest standards of information security management. This international standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within the context of the organisation. Our adherence to ISO 27001 standards ensures that we manage the security of assets such as financial information, intellectual property, employee details, and information entrusted to us by third parties with utmost diligence.

Employee Background Checks

Before a member joins our team, UMA will verify an individual’s education and previous employment, and perform internal and external reference checks. Where local labour laws or statutory regulations permit, UMA may also conduct criminal, credit, immigration, and security checks. The extent of these background checks depends on the desired position.

Security Training for all Employees

All UMA employees undergo security training as part of the onboarding process and receive ongoing security training throughout their UMA working careers. During the onboarding phase, new employees agree to our Code of Conduct, which highlights our commitment to keeping customer information safe and secure. Depending on their job role, additional training on specific aspects of security may be required. For instance, the Information Security and Development team instructs new engineers on topics such as secure coding practices, product design, and automated vulnerability testing tools. Engineers also attend technical presentations on security-related topics and receive a security newsletter that covers new threats, attack patterns, mitigation techniques, and more.

Internal Security and Privacy Events

UMA regularly hosts internal conferences, open to all employees, to raise awareness and drive innovation in security and data privacy. Employees regularly receive simulated phishing emails to confirm that the training they received has been understood and to strengthen awareness.

Dedicated Security Team

UMA employs security and privacy professionals who are part of our Platforms Engineer and Operations team. This team is tasked with protecting the company’s systems from vulnerabilities, developing security review processes, building a security infrastructure, and implementing UMA’s security policies. UMA’s Security Team actively scans for security threats using commercial tools, penetration tests, quality assurance (QA) measures and software/platform security reviews.

Internal Audit & Compliance Specialists

UMA has a dedicated internal audit team that reviews compliance with security laws and regulations around the world.

Operational Security

Annual Penetration Testing and Testing Post-Major Updates

To further bolster our commitment to security, UMA conducts annual penetration tests on our environment. These tests are designed to identify and fix vulnerabilities, ensuring the integrity, confidentiality, and availability of our customers' data. Moreover, following any major updates or significant changes to our systems, we conduct additional penetration testing. This approach helps us to immediately address any potential security issues introduced by new system functionalities or updates, thereby maintaining a robust security posture consistently.

Vulnerability Management

UMA administers a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration efforts, quality assurance processes, software security reviews, and external audits. The vulnerability management team (Security Team) is responsible for tracking and following up on vulnerabilities. Once a vulnerability requiring remediation has been identified, it is logged, prioritized according to severity, and assigned an owner.

Monitoring

UMA’s security monitoring system is focused on information gathered from internal network traffic on our Platform, employee actions on systems, and outside knowledge of vulnerabilities. Within each of our Regions, traffic is inspected for suspicious behaviour, such as the presence of traffic that might indicate botnet connections. This analysis is performed using a combination of tools and services available within Amazon Web Services (AWS). Inbound security reports are regularly monitored, and changes are audited.

Incident Management

We have a rigorous incident management process for security events that may affect the confidentiality, integrity, or availability of systems or data. If an incident occurs, the security team logs and prioritizes it according to its severity. Events that directly impact customers are assigned the highest priority. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation.

Data Usage

Our Deal

In accordance with our commitment to protect your privacy and manage your data responsibly, we will retain the personal and operational data collected through our services only for as long as necessary to fulfil the purposes outlined in this agreement, or as required by applicable law. All data will be securely deleted from our systems every three years, unless a shorter retention period is applicable. Additionally, upon the termination of your contract with us, we will delete all your data in full, ensuring that no residual copies remain in our backups or storage systems beyond a period necessary for the deletion process. This policy is designed to ensure compliance with data protection regulations and to safeguard your information against unauthorized access or use.

Data Access & Restrictions

Administrative Access

To keep data private and secure, UMA logically isolates each customer’s data from that of other customers and users, even when it is stored on the same virtual host hosted in AWS. Only a small group of UMA employees have access to customer data. For UMA employees, access rights and levels are based on their job functions and role, using the concepts of least privilege and need-to-know to match access privileges and defined responsibilities. Requests for additional access follow a formal process that involves a request and approval from a data or system owner, manager, or other executives, as dictated by UMA's security policies. Approvals are managed by workflow tools that maintain audit records for all changes.

Customer Administrators

Within customer organisations, administrative roles and privileges for UMA Cloud are configured and controlled by the Project/Facilities owner. This means that individual team members can manage certain services or perform specific administrative functions for that organisation only, without gaining access to all settings and data.

Law Enforcement Data Requests

The customer, as the data owner, is primarily responsible for responding to law enforcement data requests; however, like other technology companies, UMA may receive direct requests from governments and courts around the world about how a person has used the company’s services. We take measures to protect customers' privacy and limit excessive requests while also meeting our legal obligations. Respect for the privacy and security of data you store with UMA remains our priority as we comply with these legal requests. When we receive such a request, our team reviews the request to make sure it satisfies legal requirements and UMA policies. For us to comply, the request must be made in writing, signed by an authorized official of the requesting agency, and issued under an appropriate law.

Third-Party Suppliers

UMA directly conducts virtually all data processing activities to provide our services. However, UMA may engage some third-party suppliers to provide services relating to UMA, UMA Vision, UMA Book, UMA Sense, UMA C-19 and UMA Air. Prior to onboarding third-party suppliers, UMA conducts an assessment of the security and privacy practices of third-party suppliers to ensure they provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide.

Conclusion

The protection of your data is the primary design consideration for all of UMA's infrastructure, products, and personnel operations. Data protection is more than just security: UMA's strong contractual commitments make sure you maintain control over your data and how it is processed, including the assurance that your data is not used for advertising or any purpose other than to deliver UMA Cloud Services to you.


Last updated 1 year ago
