Secure by Design

SOC reporting and cybersecurity transparency

Cybersecurity and transparency for modern transportation infrastructure.

As transportation systems become increasingly connected, cloud-based, and data-driven, cybersecurity is more important than ever. From traffic signal control and connected vehicle infrastructure to regional traffic management centers, agencies need confidence that their systems and data are protected.

Q-Free designs its transportation solutions with security at their core — helping agencies securely manage devices, users, and data across complex ITS ecosystems.

Q-Free was the first North American ATMS provider to achieve a SOC 2 Type II attestation for cloud-hosted deployments of Kinetic® Mobility and now provides a publicly downloadable SOC 3 report to support cybersecurity transparency and customer trust.

Download SOC 3 report

Why it Matters

As agencies evaluate cloud-hosted transportation systems and modern ITS platforms, cybersecurity reviews are becoming an increasingly important part of procurement and operational planning.

SOC reporting helps agencies better understand how vendors approach security, data protection, operational processes, and risk management — providing independent validation that cybersecurity practices are designed and operating effectively over time.

SOC 2 vs SOC 3 Explained

SOC reporting helps organizations demonstrate that they maintain strong cybersecurity and operational controls for managing customer systems and data.

What is SOC 2 Type 2?

SOC 2 Type 2 is an independent audit that evaluates how effectively an organization has designed and applied their security controls over a period of time. Audit and final report are based on five Trust Services Criteria (TSC) created by the American Institute of Certified Public Accountants (AICPA).

The TSC are:

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

Security is required in every SOC 2 report, while the remaining criteria vary based on organizational scope and services.

SOC 2 Type 2 reports are typically detailed confidential documents shared during procurement and security reviews.

What is SOC 3?

A SOC 3 report is a public-facing summary based on the same rigorous audit criteria as SOC 2 Type 2. It allows organizations to publicly demonstrate independently validated cybersecurity practices without exposing sensitive operational data.

Unlike organizations that require lengthy request forms or approval processes, Q-Free makes it SOC 3 report publicly downloadable to simplify access to cybersecurity information for agencies and partners.

SOC 2 Type 2SOC 3
Detailed confidential audit reportPublic-facing summary report
Shared during procurements/security reviewsPublicly downloadable
Technical operational validationBuilds transparency and public trust
Includes detailed testing proceduresHigh-level independent validation

What it Means for Agencies

  • Validated Security – Independent, third-party verification that our security controls are designed and operating effectively
  • Greater Transparency – Clear insight into how systems and customer data are protected
  • Reduced Risk – Streamlined due diligence during procurement with trusted, industry-recognized standards
  • Secure Cloud-Hosted Infrastructure – Q-Free’s Kinetic Mobility platform supports secure cloud-native deployments with modern security architecture and operational safeguards.

Access the SOC 3 Report

Q-Free believes cybersecurity transparency should be accessible. Download our publicly available SOC 3 report to learn more about our independently validated cybersecurity practices.

Download report