Security and Compliance Statement

 Scope AR’s most important concerns are the protection and reliability of customer data. Many of their enterprise customers demand the highest levels of data security and have tested our services to verify that it exceeds their standards.

Scope AR’s security controls are based on industry best practices, many of which are outlined in compliance frameworks such as AICPA SSAE 18 SOC 2 and ISO 27001. Its system infrastructure and applications are updated regularly with the latest security patches and all systems utilize hardened and patched containers. All cloud-based products reside securely in AWS as they are an AICPA SOC 1, SOC 2 type 2 and SOC 3 approved service provider and are ISO 27001, 27017 and 27018 certified. 

Scope AR uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. CAD and other metadata uploaded into the WorkLink platform can be encrypted with AES 256-bit encryption at rest, and this data is never stored to disk in a decrypted state and only decrypted in memory. In the multi-tenant cloud offering, Scope AR utilizes the AWS Key Management Server (KMS) that is FIPS 140-2 validated, and all customer information is encrypted with a unique key. Application and network controls are also in place to monitor and prevent unauthorized access to systems. Scope also performs complete backups nightly.

To better serve Scope’s customers and accelerate enterprise compliance audits, a full functional and security requirements discussion is recommended to identify specific risks and security business requirements.

Questions regarding this statement may be sent to