SAN FRANCISCO, Calif., Dec. 20, 2023 — Locus Technologies (Locus), a trailblazer in cloud computing enterprise software for environmental, energy, air, ESG (Environmental, Social, and Governance), sustainability, water, and compliance management, proudly announces the successful completion of the System and Organization Controls (SOC) 1℠ and 2℠ examinations. These examinations reaffirm Locus’s unwavering dedication to maintaining exceptional standards in financial reporting management and overall system integrity, setting it apart from its competitors.
Conducted by A-Lign, a respected CPA firm, the comprehensive examination has once again validated Locus Technologies’ unparalleled commitment to stringent industry standards. The resulting CPA report attests to the company’s relentless focus on robust controls and procedures, ensuring the security, availability, processing integrity, confidentiality, and privacy of its Software as a Service (SaaS) system, placing it at the forefront of data protection in the industry.
Neno Duplan, Founder and CEO at Locus Technologies, expressed pride in the company’s continued strides in data security, stating, ‘Our successful compliance renewal further solidifies our position as an industry leader, showcasing our commitment to safeguarding our clients’ invaluable data. In our 27-year history as a SaaS company we had no breaches of customer data’.
Locus’ consistent possession of these certifications since 2012 signifies the company’s steadfast dedication to excellence and its role as a standard-bearer for EHS Compliance and ESG software in providing a secure, dependable, and market-tested SaaS platform.
The recent examination by A-Lign not only reaffirms Locus Technologies’ position along with its Amazon Web Services (AWS) partner as an industry leader in cloud-based enterprise software but also underscores the company’s proactive approach to ensuring the highest levels of service quality and data protection for its global clientele, positioning it far ahead of its competitors.
Customers can remain assured of Locus’ unwavering commitment to delivering superior SaaS solutions and maintaining the security and reliability of customer data. For a company to receive SOC certification, it must have sufficient policies and strategies that satisfactorily protect customers’ data. SOC 1 and SOC 2 certifications both require a service organization to display controls regulating its interaction with customers and customer data.
Locus leads the industry in providing cloud computing enterprise software for environmental, energy, air, ESG, sustainability, water, and compliance management. The company’s dedication to technological advancement and unparalleled data security ensures it delivers cutting-edge solutions that surpass industry standards and positions it as an industry leader in setting new benchmarks for safeguarding customer data.
About Locus Technologies
Locus gives businesses the power to be green on demand and has pioneered web-based environmental software suites. Locus software enables companies to organize and validate all critical environmental information in a single system, which includes analytical data for water, air, soil, greenhouse gases, sustainability, compliance, and environmental content. Locus software is delivered through Cloud computing (SaaS), so there is no hardware to procure, no hefty up-front license fee, and no complex set-ups. Locus also offers services to help implement and maintain environmental programs using our unique technologies.
Security is often one of the critical parameters reviewed in the purchase of any EHS software.
As part of that review, you may come across a System and Organization Controls (SOC) report provided by the software vendor. A SOC report is a certification issued following an audit that assures that an organization has effectively managed controls related to security, availability, processing integrity, confidentiality, privacy of a system, and in some cases, its financial reporting. There are two main types of SOC reports: SOC 1 reports focus on the internal controls over the financial reporting system of the service provider, while SOC 2 reports pertain to the effectiveness of controls that are relevant to the security, confidentiality or privacy of a system used by the service provider to process customers’ information.
Both reports validate the robustness of an organization’s systems and processes, providing assurance to customers or potential customers that their data is safe and that controls are in place. These reports are created after completion of a SOC audit, which reviews all pertinent information and identifies any potential risks related to the scope of the audit. For most software purchases, the SOC 2 report is primarily of interest, since it covers the security of the software’s servers and data systems. The SOC 2 report not only covers security, but also availability, processing integrity, confidentiality, and privacy.
When requesting a SOC report, it is important to understand not only the type of SOC audit that was completed, but also the scope of the audit itself.
Many software vendors will provide a SOC report, but if you review it carefully, you may notice that it is limited to the data hosting service (e.g. Amazon Web Services or Azure). While it is important to assess the security of the hosting service, that only covers part of the software’s overall footprint. The EHS software itself must be run and managed securely in order to protect confidential and private data, which is especially critical for certain EHS applications. The security and availability of the hosting service will not mean much if the EHS software itself is down or subject to security flaws.
If you are considering a software purchase for your organization, a SOC report can provide an excellent way to evaluate the integrity and security of potential systems, following a standardized protocol. But not all SOC reports are the same, and looking beyond the cover of the SOC report and understanding the scope and coverage of the SOC audit can help you avoid the potential pitfalls of buying EHS software that isn’t as secure or available as you need it.
The Locus Technologies ESG Survey Tool enables users to email surveys and questionnaires directly from Locus to their supply chain. This is achieved without having to create usernames and credentials for those receiving surveys.
When surveys are issued, the tool generates a secure link to each email recipient. Email recipients click the link, respond to the survey or questionnaire (without having to create a Locus username/password), and the data will be captured within Locus software for ESG purposes. Recipients of the link only receive access to their survey form, and nothing else in the system, and the links expire within a prescribed timeframe to further strengthen security.
The survey tool securely streamlines data collection from external entities who would traditionally never be given access to the system, including suppliers, vendors, sales channels and consultants. Once collected, the data can immediately be used for ESG calculations and reporting.
In a Software as a Service (SaaS) delivery model, service uptime is vital for several reasons. Besides the obvious of having access to the service over the internet at any given time and staying connected to it 24/7/365, there are additional reasons why service uptime is essential. One of them is quickly verifying the vendor’s software architecture and how it fits the web.
Locus is committed to achieving and maintaining the trust of our customers. Integral to this mission is providing a robust compliance program that carefully considers data protection matters across our cloud services and service uptime. After security, service uptime and multitenancy at Locus come as a standard and, for the last 25 years, have been the three most essential pillars for delivering our cloud software. Our real-time status monitoring (run by an independent provider of web monitoring services) provides transparency around service availability and performance for Locus’ ESG and EHS compliance SaaS products. Earlier I discussed the importance of multitenancy in detail. In this article, I will cover the importance of service uptime as one measure to determine if the software vendor is running genuine multitenant software or not.
If your software vendor cannot share uptime statistics across all customers in real-time, they most likely do not run on a multitenant SaaS platform. One of the benefits of SaaS multitenancy (that is frequently overlooked during the customer software selection process) is that all customers are on the same instance and version of the software at all times. For that reason, there is no versioning of software applications. Did you ever see a version number for Google’s or Amazon’s software? Yet they serve millions of users simultaneously and constantly get upgraded. This is because multitenant software typically provides a rolling upgrade program: incremental and continuous improvements. It is an entirely new architectural approach to the software delivery and maintenance model that frees customers from the tyranny of frequent and costly upgrades and upsell from greedy vendors. Companies have to develop applications from the ground up for multitenancy, and the good thing is that they cannot fake it. Let’s take a deeper dive into multitenancy.
An actual multitenant software provider can publish its software uptime across all customers in real-time. Locus, for example, has been publishing its service uptime in real-time across all customers since 2009. Locus’s track record speaks for itself: Locus Platform and EIM have a proven 99.9+ percent uptime record for years. To ensure maximum uptime and continuous availability, Locus provides redundant data protection and the most advanced facilities protection available, along with a complete data recovery plan. This is not possible with single-tenant applications as each customer has its own software instance and probably a different version. One or a few customers may be down, others up, but one cannot generally aggregate software uptime in any meaningful way. The fastest way to find out if the software vendor offers multitenant SaaS or is faking it is to check if they publish online, in real-time, their applications’ uptime, usually delivered via an independent third party.
Legacy client-server or single-tenant software cannot qualify for multitenancy, nor can it publish vendor’s uptime across all customers. Let’s take a look at definitions:
Single-Tenant – A single instance of the software and supporting infrastructure serves a single customer. With single-tenancy, each customer has their independent database and instance of the software. Essentially, there is no sharing happening with this option.
Multitenant – Multitenancy means that a single instance of the software and its supporting infrastructure serves multiple customers. Each customer shares the software application and also shares a single database. Each tenant’s data is isolated and remains invisible to other tenants.
A multitenant SaaS provider’s resources are focused on maintaining a single, current (and only) version of the software platform rather than being spread out in an attempt to support multiple software versions for customers. If a provider isn’t using multitenancy, it may be hosting thousands of single-tenant customer implementations. Trying to maintain that is too costly for the vendor, and sooner or later, those costs become the customers’ costs.
A vendor invested in on-premise, hosted, and hybrid models cannot commit to providing all the benefits of an actual SaaS model due to conflicting revenue models. Their resources will be spread thin, supporting multiple software versions rather than driving SaaS innovation. Additionally, suppose the vendor makes most of their revenue selling on-premise software. In that case, it is difficult for them to fully commit to a proper SaaS solution since most of their resources support the on-premise software. In summary, a vendor is either multitenant or not – there is nothing in between. If they have a single application installed on a customer’s premises or in a single-tenant cloud, they do not qualify to be called multitenant SaaS.
Before you engage future vendors for your enterprise ESG reporting or EHS compliance software, assuming you already decided to go with a SaaS solution, ask this simple question:
Can you share your software uptime across ALL your customers in real-time? If the answer is no, pass.
And if the vendor suddenly introduces a “multitenant” model (after selling an on-premises or single-tenant software version for 10+ years), who in the world would want to migrate to that experimental cloud without putting the contract out to bid to explore a switch to well established and market-tested actual multitenant providers? The first-mover advantage of multitenancy is a considerable advantage for any vendor. Still not convinced? Let me offer a simple analogy to drive home the point as to why service uptime and multitenancy matter: Tesla vs. Edison–War of Currents.
The War of Currents was a series of events surrounding the introduction of competing electric power transmission systems in the late 1880s and early 1890s. It pitted companies against one another and involved a debate over the cost and convenience of electricity generation and distribution systems, electrical safety, and a media/propaganda campaign. The leading players were the direct current (DC) camp, based around the Thomas Edison Electric Light Company, and the supporters of alternating current (AC), based on Nikola Tesla’s inventions and backed by Westinghouse.
With electricity supplies in their infancy, much depended on choosing the right technology to power homes and businesses across the country. The Edison-led group argued for DC current that required a power generating station every few city blocks (single-tenant model). In contrast, the AC group advocated for a centralized generation with transmission lines that could move electricity great distances with minimal loss (multitenant model).
The lower cost of AC power distribution and fewer generating stations eventually prevailed. Multitenancy is equivalent to AC regarding cost, convenience, and network effect. You can read more about how this analogy relates to SaaS in the book by Nicholas Carr, “Big Switch.” It’s the best read so far about the significance of the shift to multitenant cloud computing. Unfortunately, the ESG/EHS software industry has lagged in adopting multitenancy.
Given these fundamental differences between different modes of delivering software as a service, it is clear that the future lies with the multitenant model.
Whether all customer data is in one or multiple databases is of no consequence to the customer. For those arguing against it, it is like an assertion that companies “do not want to put all their money into the same bank account as their competitors,” when what those companies are doing is putting their money into different accounts at the same bank.
When customers of a financial institution share what does not need to be partitioned—for example, the transactional logic and the database maintenance tools, security, and physical infrastructure and insurance offered by a major financial institution—then they enjoy advantages of security, capacity, consistency, and reliability that would not be affordably deliverable in isolated parallel systems.
Locus has implemented procedures designed to ensure that customer data is processed only as instructed by the customer throughout the entire chain of processing activities by Locus and its subprocessors. Amazon Web Services, Inc. (“AWS”) provides the infrastructure used by Locus to host or process customer data. Locus hosts its SaaS on AWS using a multitenant architecture designed to segregate and restrict customer data access based on business needs. The architecture provides an effective logical data separation for different customers via customer-specific “Organization IDs” and allows customer and user role-based access privileges. The customer interaction with Locus services is operated in an architecture providing logical data separation for different customers via customer-specific accounts. Additional data segregation ensures separate environments for various functions, especially testing and production.
Multitenancy yields a compelling combination of efficiency and capability in enterprise cloud applications and cloud application platforms without sacrificing flexibility or governance.
Locus has been preaching on the pitfalls of Excel for a long time. It’s no surprise that one of the worst imaginable errors in Excel that could’ve happened, did. Almost 16,000 COVID-19 cases in England went unreported because Public Health England hit the maximum row count in their version of Excel.
This is not the only example of Excel being misused or being the wrong tool entirely for the job. Excel is not in any way a data management system for complex or vital data. When it comes to sustainability reporting and environmental data management, the evils of the grid are a force to be reckoned with. We have highlighted a few examples that will have you shivering.
Case 1: The Evils of Autofill
Take a look at this harmless-looking chart. It shows monthly electricity consumption for a facility set to report:
[Chart: Monthly Electricity Consumption (MWh)]
During review, the auditor notices a distinct trend from April to December, indicating false data overwritten by a stray double-click. Eventually, the auditor required re-entering all invoice data for dozens of facilities to correct the issue. Where the original data went and how autofill went astray remains a mystery.
Case 2: The Phantom File Editor
Imagine using a massive spreadsheet with lots of linked calculations for your annual sustainability report. One of the team engineers works on the file to input more data and get it ready for presentation. But in the final steps, they accidentally delete one of the formulas that sum up the indicators. The annual total looks great for the presentation since you’ve effectively removed a portion of your resource consumption, but afterwards you discover the conclusions were incorrectly calculated. How did that error get introduced? The spreadsheet has no auditing capabilities on the individual values, so you may never know.
Excel supports multiple users editing one document simultaneously, but not well. Multiple records are saved, edits are lost, and vital data vanishes, or at best is very hard to recover. The Track Changes feature is not infallible, and over reliance on it will cause hardship.
Case 3: Date of the Dead
Excel has a frustrating insistence on changing CAS numbers into dates, even if they are something like “7440-09-7” turning into September 7, 7400. If you’re not explicit in your cell formatting, Excel isn’t happy leaving values as they are.
Case 4: Imposter Numerical Values
You meant to type 1.5, but you typed “1..5” or “.1.5”. Does Excel reject these imposter numbers or let you know of a potential error? No, it’s stored in Text format. This can throw off any averages or sums you may be tracking. This minor identity theft can cause a real headache.
Other Significant Cases:
Other data quality issues with using Excel include, but are not limited to:
- Locations with multiple variations of the same ID/name (e.g., MW-1, MW-01, MW 1, MW1, etc.)
- Use of multiple codes for the same entity (e.g., SW and SURFW for surface water samples)
- Loss of significant figures for numeric data
- Special characters (such as commas) that may cause cells to break unintentionally over rows when moving data into another application
- Bogus dates like “November 31” in columns that do not have date formats applied to them
- Loss of leading zeros associated with cost codes and project numbers (e.g., “005241”) that have only numbers in them but must be stored as text fields
- The inability to enforce uniqueness, leading to duplicate entries
- Null values in key fields (because entries cannot be marked as required)
- Hidden rows and/or columns that can cause data to be shifted unintentionally or modified erroneously
- Inconsistent use of lab qualifiers— in some cases, these appear concatenated in the same Excel column (e.g., “10U, <5”) while in other cases they appear in separate columns
As you can see, the horrors of Excel are common, and terrifying. Without a proper system of record or auditing features, and with the ability for data to vanish into the ephemera, Excel offers little in the way of data security and quality for organizations managing vital environmental and compliance data. Many are learning firsthand the superiority of database management systems over spreadsheets when it comes to managing data. Now is the time to examine the specific shortcomings of your current system and consider your options.
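Several of the problems listed above can be caught by validating a spreadsheet export before it is loaded into a system of record. The following is an added example, not Locus code: the column names, the six-digit cost code width and the PREFIX-N canonical location form are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re
from datetime import date

CAS_RE = re.compile(r"(\d{2,7})-(\d{2})-(\d)")
NUMBER_RE = re.compile(r"-?(\d+(\.\d*)?|\.\d+)")
LOCATION_RE = re.compile(r"([A-Za-z]+)[\s_-]*0*(\d+)")
REQUIRED = ("location_id", "sample_date", "cas_number")  # assumed key fields


def valid_cas(cas):
    """Check CAS format and its check digit (weighted sum of digits, mod 10)."""
    m = CAS_RE.fullmatch(cas)
    if not m:
        return False  # e.g. a CAS number that a spreadsheet turned into a date
    digits = (m.group(1) + m.group(2))[::-1]
    total = sum(int(d) * i for i, d in enumerate(digits, start=1))
    return total % 10 == int(m.group(3))


def normalize_location(loc):
    """Map MW-1, MW-01, MW 1 and MW1 to one canonical ID (assumed form: MW-1)."""
    m = LOCATION_RE.fullmatch(loc)
    return f"{m.group(1).upper()}-{m.group(2)}" if m else loc.upper()


def validate(csv_text):
    """Return (line_number, field, problem) tuples; the header is line 1."""
    issues, seen = [], {}
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, raw in enumerate(reader, start=2):
        if raw.pop(None, None):  # a stray comma shifted cells to the right
            issues.append((line_no, "row", "unexpected extra columns"))
        # Values stay strings so significant figures and leading zeros survive.
        row = {k: (v or "").strip() for k, v in raw.items()}
        missing = [f for f in REQUIRED if not row[f]]
        for field in missing:
            issues.append((line_no, field, "missing required value"))
        loc = row["location_id"]
        if loc and loc != normalize_location(loc):
            issues.append((line_no, "location_id",
                           f"variant of {normalize_location(loc)}"))
        if row["sample_date"]:
            try:
                date.fromisoformat(row["sample_date"])
            except ValueError:  # rejects dates such as November 31
                issues.append((line_no, "sample_date", "not a real ISO date"))
        if row["cas_number"] and not valid_cas(row["cas_number"]):
            issues.append((line_no, "cas_number", "invalid CAS number"))
        if not NUMBER_RE.fullmatch(row["result"]):  # rejects "1..5" and ".1.5"
            issues.append((line_no, "result", "not a number"))
        if not re.fullmatch(r"\d{6}", row["cost_code"]):
            issues.append((line_no, "cost_code", "expected 6 digits"))
        if not missing:
            key = (normalize_location(loc), row["sample_date"], row["cas_number"])
            if key in seen:
                issues.append((line_no, "row", f"duplicate of line {seen[key]}"))
            else:
                seen[key] = line_no
    return issues


# Constructed sample export; only the first data row is clean.
SAMPLE = """location_id,sample_date,cas_number,result,cost_code
MW-1,2023-04-12,7440-09-7,1.50,005241
MW 01,2023-04-12,7440-09-7,1.50,005241
MW-2,2023-11-31,7440-09-7,1..5,5241
MW-3,2023-05-02,9/7/7440,0.8,005241
,2023-05-02,7440-09-7,2.0,005241
"""

if __name__ == "__main__":
    for issue in validate(SAMPLE):
        print(issue)
```

A database enforces the same rules at write time through column types, NOT NULL and UNIQUE constraints; a pre-load check like this only reports them after the fact.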
At Locus, we understand the unique requirements of EHS managers. More than many, EHS managers are dealing with a wide range of duties instead of a few pointed ones. With so many responsibilities, it can be hard at times to stay on top of your organization’s EHS needs. In this blog we highlight a few common compliance-related issues that should resonate with most EHS managers and the steps we’ve taken to help you with them.
The worry of missing a regulatory change
They say it takes a village to raise a child, but it also takes a village to keep up with your organization’s regulations. If you are dealing with compliance, then chances are you’ve not been the first to know about a regulatory change, or you’ve found out about one later than you would have liked.
When you’re getting notifications from OSHA and the DOT and you’re checking specific permits and getting letters and emails about changes, sometimes it can all be too much. With Locus, you have the added benefit of an extra set of eyes, well… multiple sets of eyes. Our team keeps up with every rule and regulation used in our applications to further assist you with the breadth of information you have to manage. Locus EHS software is also integrated with RegScan, giving users seamless real-time access to current EHS regulations. This will allow Locus users to customize a watchlist in RegScan to quickly and readily view EHS regulations relevant to them.
Managing maintenance costs
When you have to worry about ever-changing costs that touch several parts of your business, the last thing you need is a gated product update from your EHS software vendor. With Locus’ SaaS model, you see reduced implementation costs and no costly upgrades – everyone is on the same version. And since everything is in one place, you have a reduced amount of wasted time finding information and making it actionable.
Being cognizant of your data security
EHS managers deal with sensitive data, ranging from social security numbers to workman’s comp issues. Not taking proper care of this information can lead to anything from a PR debacle to a legal battle. With Locus, you have the peace of mind of knowing that your data is stored in its entirety on the most secure cloud, Amazon Web Services (AWS). Not only that, but you have extensive security and admin access options, so you can have the relief of knowing only those with privileges can see certain information.
Quick access to stored information
Whether you’re looking for purchase documentation of PPEs or you need to reference yesterday’s GHG numbers, you need access to that data without having to wade through multiple applications. And with all of your data stored in one secure repository, not only can it be accessed quickly, but it can be incorporated with other tools like automated reporting.
Consolidation of compliance data
Are you still dealing with a different filing cabinet or file folder for each type of compliance? Not having your compliance data consolidated into one application means wasted time and time spent re-entering information (possibly incorrectly). Locus combines water, air, hazardous waste, DOT, PPE, workman’s comp, incidents, and more into one streamlined application to help with your organization and efficiency.
We are determined to support the needs of the user, you, first. By focusing on product development and customer service first, we feel that we have created a software as a service model that is both flexible and time-saving. If you are experiencing any of these issues with your current provider, we ask that you speak with a Locus representative today for a consultation or in-depth demo of what we can offer.
Software as a service (SaaS) databases offer several unique features that allow you to manage your environmental data more thoroughly and efficiently. This infographic highlights twelve key features of SaaS databases for environmental software.
This infographic was created based on a four part series of blog posts on the same topic, which can be read here.
Let’s look back on the most exciting new features and changes made in EIM, Locus’ environmental data management software, during 2019!
1. Migration to AWS Cloud
In August, Locus migrated EIM into the Amazon Web Services (AWS) cloud. EIM already had superior security, reliability, and performance in the Locus Cloud. The move to AWS improves on those metrics and allows Locus to leverage AWS specific tools that handle big data, blockchain, machine learning, and data analytics. Furthermore, AWS is scalable, which means EIM can better handle demand during peak usage periods. The move to AWS helps ensure that EIM remains the world’s leading water quality management software.
2. SSO Login
EIM now supports Single Sign-On (SSO), allowing users to access EIM using their corporate authentication provider. SSO is a popular security mechanism for many corporations. With SSO, one single login allows access to multiple applications, which simplifies username and password management and reduces the number of potential targets for malicious hacking of user credentials. Using SSO with EIM requires a one-time configuration to allow EIM to communicate with a customer’s SSO provider.
3. GIS+ Data Callouts
The Locus GIS+ solution now supports creating data callouts, which are location-specific crosstab reports listing analytical, groundwater, or field readings. A user first creates a data callout template using a drag-and-drop interface in the EIM enhanced formatted reports module. The template can include rules to control data formatting (for example, action limit exceedances can be shown in red text). When the user runs the template for a specific set of locations, EIM displays the callouts in the GIS+ as a set of draggable boxes. The user can finalize the callouts in the GIS+ print view and then send the resulting map to a printer or export the map to a PDF file.
4. EIM One
For customers who don’t require the full EIM package, Locus now offers EIM One, which gives the ability to customize EIM functionality. Every EIM One purchase comes with EIM core features: locations and samples; analytical and field results; EDD loading; basic data views; and action limit exceedance reports. The customer can then purchase add-on packages to get just the functionality desired–for example a customer with DMR requirements may purchase the Subsurface and Regulatory Reporting packages. EIM One provides customers with a range of pricing options to get the perfect fit for their data management needs.
5. IoT data support
EIM can now be configured to accept data from IoT (internet of things) streaming devices. Locus must do a one-time connection between EIM and the customer’s IoT streaming application; the customer can then use EIM to define the devices and data fields to capture. EIM can accept data from multiple devices every second. Once the data values are in EIM, they can be exported using the Expert Query tool. From there, values can be shown on the GIS+ map if desired. The GIS+ Time Slider automation feature has also been updated to handle IoT data by allowing the time slider to use hours, minutes, and seconds as the time intervals.
6. CIWQS and NCDEQ exports
EIM currently supports several dozen regulatory agency export formats. In 2019, Locus added two more exports for CIWQS (California Integrated Water Quality System Project) and the NCDEQ (North Carolina Department of Environmental Quality). Locus continues to add more formats so customers can meet their reporting requirements.
7. Improved Water Utility reporting
EIM is the world’s leading water quality management software, and has been used since 1999 by many Fortune 500 companies, water utilities, and the US Government. Locus added two key reports to EIM for Water in 2019 to further support water quality reporting. The first new report returns chlorine averages, ranges, and counts. The second new report supports the US EPA’s Lead and Copper rule and includes a charting option. Locus will continue to enhance EIM for Water by releasing the 2019 updates for the Consumer Confidence Report in January 2020.
8. Improved Non-Analytical Views
Locus continues to upgrade and improve the EIM user interface and user experience. The most noticeable change in 2019 was the overhaul of the Non-analytical Views pages in EIM, which support data exports for locations, samples, field readings, groundwater levels, and subsurface information. Roughly 25 separate pages were combined into one page that supports all these data views. Users are directed through a series of filter selections that culminate in a grid of results. The new page improves usability and provides one centralized place for these data reports. Locus plans to upgrade the Analytical Views in the same way in 2020.
9. EIM search box
To help customers find the correct EIM menu function, Locus added a search box at the top right of EIM. The search box returns any menu items that match the user’s entered search term. In 2020, Locus will expand this search box to return matching help file documents and EDD error help, as well as searches for synonyms of menu items.
10. Historical data reporting in EDD loading
The EIM EDD loader now has a new “View history” option for viewing previously loaded data for the locations and parameters in the EDD. This function lets users put data in the EDD holding table into proper historical context. Users can check for any unexpected increases in parameter concentrations as well as new maximum values for a given location and parameter.
In this infographic, we have outlined a few of the ways EHS programs benefit from having an AWS-hosted solution. Locus customers recently received these benefits as a result of moving our entire infrastructure to Amazon Web Services—the world’s leading cloud. Learn more about the move to AWS.