CANDI is the world’s first company certified “Privacy Smart” by TRUSTE and the Future of Privacy Foundation for protecting end users’ personal data. We implement industry best practices to manage our IT systems, data, and web traffic; follow pertinent PCI, NIST, and NERC security standards; and are constantly analyzing and updating safeguards to our physical, server, and network layers.

Security audit tested and cleared

CANDI’s software and operations have been repeatedly cleared for IT security in audits by our enterprise customers and security services. For example:

  • In Q2 2016, CANDI voluntarily submitted for auditing to NIST compliance requirements and gray-hat penetration testing by IT services leader Novacoast”.
  • Since 2013, CANDI has been audited and pen-tested by three different Fortune 500 corporations for our security and development practices.
  • In 2014, Accuvant (now Optiv”)—the authoritative source for information security— was commissioned by a public company to perform an independent IT security and penetration test of CANDI’s software and services.
  • In 2013, after extensive privacy policy and app testing, TRUSTe CANDI the world’s first PrivacySmart certification”.
  • CANDI also submits to online quarterly security testing and standards compliance by Qualys.

These companies have evaluated and approved CANDI’s cloud, application, gateway software, and internal processes for security and data privacy.

Candi takes security seriously

CANDI cloud services and PowerTools app are built to scale to millions of endpoints with real-time data streams. Communications are heavily encrypted with 2048-bit SSL security, and data is archived and backed up offline.

CANDI’s cloud service runs primarily on Google Cloud in top data centers in North America. CANDI cloud instances can be independently operated at any data center in the world. Candi has been deployed on Google, VMWare, OVH, Terremark, is compatible with Microsoft Azure, and also operates on privately operated industry-standard IT equipment.

CANDI’s IoT Server is also secured, and is available tightly integrated with McAfee Embedded Security” on the Intel Building Management Platform to ease compliance with IT department policies in smart buildings and data centers.

Security on this site and our cloud includes use of SSL and/or TLS technology to protect the transmission of critical information. We protect information stored on our servers from unauthorized access using industry-standard techniques and processes.

Setting a high standard

No company can guarantee that data is completely secure from attempts to evade security measures or intercept network transmissions, but CANDI sets a high standard for security across the Internet of Things through these and other precautions.