Compliance

To ensure the effectiveness of our controls and to help our customers meet their compliance requirements, we certify against industry-standard Information Security and Privacy certification

strip-left-pattern
C754492
strip-right-pattern
C754492
ISO 27001:2022

Locus is certified for ISO 27001:2022, demonstrating a robust Information Security Management System. Certificates are available upon request.

strip-left-pattern
C754493
strip-right-pattern
C754493
ISO 27701:2019

Locus is ISO 27701:2019 certified, helping us to demonstrate our capability to protect customer’s Personal Information.

strip-left-pattern
GDPR Compliant
strip-right-pattern
GDPR Compliant

Locus is fully compliant with the General Data Protection Regulation (GDPR), underscoring our commitment to protecting personal data and upholding the privacy rights of our clients, users, and partners.

Our data processing practices meet the regulatory standards required under the GDPR and have been independently validated through a GDPR gap assessment conducted by DNV.

For more information on Locus’s GDPR compliance, you can request for our DPA at privacy@locus.sh. DPA can be signed on request.

strip-left-pattern
SOC 2
strip-right-pattern
SOC 2
Type II

Locus is SOC 2 Type II compliant, helping us to provide assurance to customers and stakeholders that our organization has implemented and maintains effective controls to protect the data.

strip-left-pattern
SOC 3 Report
strip-right-pattern
SOC 3 Report

Locus has obtained a SOC 3 report, providing public assurance that our organisation maintains effective controls for security, availability, and confidentiality. The SOC 3 report reflects our ongoing commitment to transparency and trust by demonstrating adherence to industry-standard practices for protecting customer data.

Click here to download the SOC 3 Report

Security Controls

Customer Data Protection

  • AES 256-bit encryption ensures robust protection for data at rest, while TLS 1.2 and HTTPS protocols secure data in transit, mitigating risks of interception and unauthorized access.

  • High-availability deployments with geographically redundant backups ensure consistent operational performance and data security.
  • Auto-scaling at the application layer is implemented to seamlessly handle both malicious attacks and sudden surges in legitimate traffic.

  • Supports SAML and ADFS-based Single Sign-On for streamlined and secure authentication.
  • Advanced Role-Based Access Control (RBAC) offers granular permissions management, aligning user roles with organizational needs.
  • Enforced customizable password policies ensure compliance with global security standards.
  • Corporate network access is tightly restricted via Zero Trust Network Access (ZTNA) or VPN solutions.
  • Comprehensive audit trails enable traceability for all user activities, assisting in regulatory compliance and operational transparency.

  • Next-generation antivirus safeguards devices and servers against evolving cyber threats.
  • Multi-layered security measures include a Web Application Firewall (WAF), Intrusion Detection System (IDS), and DoS protection to combat diverse attack vectors.

  • Comprehensive business continuity and disaster recovery protocols are in place to guarantee uninterrupted operations during unforeseen disruptions, supported by regular testing and updates.

  • Comprehensive cyber liability insurance covers security and privacy breaches, forensic investigations, social engineering attacks, and ransomware, offering financial protection and peace of mind.
Customer Data Protection

Secure Development Lifecycle

  • Integrates security and privacy requirements into the design phase to ensure compliance and risk mitigation across all lifecycle stages.

  • Train developers on secure coding and code review techniques including OWASP top 10 vulnerabilities and their prevention.
  • Automated code scanning is performed for identifying security issues.

  • Change management is integrated into the SDLC processes, with various internal and external stakeholders. Customers will be informed well in advance of any major breaking changes.

  • Access to production systems are restricted based on job roles and limited time access is given only on a need to know basis which expires after the requested time. Access is periodically reviewed.

  • Periodic security testing of applications as per OWASP standards.
  • Regular internal and external vulnerability assessment and penetration testing (VAPT).
  • Currently we do not have a public bug bounty program, but we highly appreciate the efforts of security researchers. Refer to our Responsible Vulnerability Disclosure Policy for more information.
Secure Development Lifecycle

Privacy by Design and by Default

  • ISO 27701:2019 Certified and have a well established, implemented, monitored and audited Privacy Information Management System.
  • Tracking collection, storage, processing, access, transfer, retention and removal of Personal Information.

  • Configurable retention periods towards personal information.
  • Dedicated process and a channel established for deletion of personal data upon request.

  • Identified, assessed and empanelled sub-processors ensuring appropriate fitments. You can read more about our process and List of Sub Processors here.

  • Certain privacy laws provide individuals with the right to request access to and/or deletion of personal information an organization has about them. To submit a data subject rights request in relation to personal information processed by Locus, please raise a request via mail to dpo@locus.sh.
Privacy by Design and by Default

strip-left-pattern

Make every delivery experience a part of your growth

strip-right-pattern
locus-logo-dark

Schedule a meeting with Locus

How can Locus help manage your logistics?

  • Locus’ proprietary geocoding engine converts the fuzziest of the addresses into precise geographical coordinates thereby helping your on-ground executives locate addresses easily.
  • Digitize all your operational variables such as fleets, delivery persons etc. to come up with the best route plan every day.
  • Track your orders in real-time with the Locus Live Dashboard. Locus’ all-mile delivery app Locus On The Road (LOTR) helps delivery partners process orders.
  • Visualize and tweak your scheduled plans via three key metrics— geography, time, & vehicle (fleet)—with a birds-eye view of your entire operations.
  • Build your own reports and analyze important parameters that you need to make key decisions.

Join Industry Leaders:

68m+ miles

Reduction in distance traveled

12m+ kgs

Reduction in GHG emissions

$330m+

Savings in logistics costs
brand logos
strip-left-pattern
strip-right-pattern