PMWEB Achieves SOC 1 Type 2 and SOC 2 Type 1 Compliance

A Major Milestone in Our Commitment to Enterprise-Grade Security, Integrity, and Trust

At PMWEB, trust is at the foundation of everything we build. As owners, developers, and capital program leaders rely on PMWEB to manage billions in project investments, they expect uncompromising security, rigorous processes, and transparent proof of the controls that protect their data and operations.

Today, we’re proud to share a significant milestone in that commitment:
PMWEB has successfully completed SOC 1 Type 2 and SOC 2 Type 1 audits, conducted by an independent, accredited third-party auditor.

These reports validate that PMWEB’s internal controls, processes, and security practices meet the highest standards recognized across the industry.

What This Achievement Means for Our Customers

Verified Operational Integrity (SOC 1 Type 2)

Our SOC 1 Type 2 report evaluates both the design and operating effectiveness of controls relevant to financial reporting over a defined audit period.
For our customers, this demonstrates long-term reliability in the way PMWEB supports financial accuracy, project accountability, and the repeatable processes that underpin portfolio-level governance.

Proven Security & Trust Principles (SOC 2 Type 1)

Our SOC 2 Type 1 certification confirms that PMWEB has properly designed and implemented controls related to:

• Security
• Availability
• Processing Integrity

This provides immediate validation that PMWEB protects your data with strict, industry-accepted standards and a resilient security framework.

Enhanced Data Protection for Your Organization

PMWEB safeguards sensitive data through a robust security architecture that includes:

• Role-based access controls and granular permissions
• Multi-factor authentication
• TLS 1.2+ with 2048-bit certificates for data in transit
• AES-256 encryption for data at rest
• Continuous system and security monitoring
• Comprehensive audit logging for authentication events and user actions

External audits confirm the strength of our security practices and provide customers with the documentation needed to support internal and regulatory compliance requirements. Using a SOC-validated platform helps your organization meet its governance, audit, and reporting obligations, especially in financial, infrastructure, public agency, and highly regulated sectors.

How PMWEB Meets the Standards Behind the Certification

Our platform’s security model is built around the real-world needs of owners and operators:

Access & Authentication

• SSO support via SAML 2.0, LDAP, and MFA
• Role-based access controls for granular user permissions
• Encryption & Data Protection
• TLS 1.2+ and 2048-bit certificates for data in transit
• AES-256 encryption at rest
• Multi-region encrypted backups for resilience

Monitoring & Logging

• Comprehensive audit logs (authentication events, user actions, source IPs)
• Logs retained for a minimum of 30 days and protected from tampering
• Enterprise monitoring for system health and availability

Governance, Risk & Compliance

• Documented incident response plan and dedicated security team
• Alignment with NIST, ISO 27001, and OWASP
• Quarterly vulnerability scans and annual penetration tests
• Secure data return or purging upon contract completion

Business Continuity & Disaster Recovery

• Fully documented BCP and DR plans
• Annual testing to validate resilience and availability

Our Ongoing Commitment to Security & Trust

We continue to strengthen our controls, expand our audit scope, and invest in advanced monitoring and resilience capabilities. Our customers can expect ongoing enhancements as we elevate PMWEB to meet and exceed the standards required by world-class capital program organizations.

Protecting your data and the mission-critical decisions that on it is our promise.

For more information about our SOC reports and security practices, contact us.