Security and compliance
Protecting your data with secure Canadian infrastructure and industry-aligned controls
Security is foundational to TankAware Canada Inc. (TankAware).
Our TankAware CMMS platform is built using a secure-by-design architecture that prioritizes Canadian data residency, encryption by default, layered defense controls, and continuous monitoring.
We support organizations operating in regulated, municipal, and compliance-driven environments– and our security posture reflects those expectations.
Security controls
TankAware CMMS implements multiple layers of security controls across infrastructure, application access, data protection, and system monitoring to safeguard operational data and support regulatory and organizational security requirements.
Core security controls
What it addresses
Operational value
Canadian data residency
Data sovereignty and privacy requirements
Supports compliance with Canadian data residency and procurement requirements
Secure cloud infrastructure
Infrastructure security and network access
Reduces infrastructure risk and supports secure, reliable system operations
Perimeter and application protection
Web-based threats and unauthorized access
Protects against external threats and reduces attack surface
Encryption and data protection
Data confidentiality and integrity
Protects sensitive data and ensures secure information handling
Identity and access management
Authentication and user permissions
Ensures controlled user access and secure system authorization
Monitoring, logging, and threat visibility
Visibility and threat detection
Enables operational visibility, auditability, and timely threat detection
Availability, backup, and resilience
Downtime and data loss
Supports business continuity, data recovery, and system reliability
Secure development lifecycle
Application vulnerabilities
Reduces application risk and supports secure software releases
Patch and vulnerability management
Known system weaknesses
Maintains ongoing system security and reduces exposure to vulnerabilities
Compliance and standards alignment
Regulatory and audit requirements
Supports audit readiness and alignment with recognized security standards
Shared responsibility model
Cloud security accountability
Establishes clear accountability for infrastructure and application security
Continuous security improvement
Evolving threats and risks
Supports ongoing risk reduction and adaptation to emerging threats
Explore each capability in detail to understand how TankAware CMMS supports your regulated operations.
Canadian data residency
Canadian data residency All production systems and customer data are hosted exclusively in Amazon Web Services (AWS) – Canada.
This hosting ensures:
Data residency within Canadian borders
Alignment with Canadian procurement requirements
Support for The Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy frameworks
Infrastructure governed under Canadian jurisdiction
Customer production data is not hosted outside Canada.
Supports: Compliance with Canadian data residency, privacy, and procurement requirements
Secure cloud infrastructure
Secure cloud infrastructure TankAware CMMS is built on Amazon Web Services using a defense-in-depth architecture.
We leverage managed cloud services to reduce operational risk, ensure timely patching, and benefit from AWS-native security controls.
Infrastructure security includes:
Segmented virtual private cloud architecture
Private database deployment (no direct public exposure)
Load-balanced application layer
Network access controls enforcing least privilege
Web application firewall (WAF) protection
All systems are configured following AWS security best practices.
Supports: Reduced infrastructure risk and secure, reliable system operations
Perimeter and application protection
Perimeter and application protection TankAware CMMS is protected against common web-based threats, including:
SQL injection
Cross-site scripting (XSS)
OWASP Top 10 vulnerabilities
Malicious automated traffic
Rate-based and volumetric abuse attempts
Traffic is filtered and monitored at the network edge to reduce attack surface and unauthorized access attempts.
Geographic access controls are implemented to prioritize Canadian-origin access.
Supports: Protection against external threats and reduced attack surface
Encryption and data protection
Encryption and data protection Encryption is enforced for both data at rest and in transit.
Data at rest:
Encrypted databases
Encrypted object storage
Encrypted configuration and secrets
Data at rest:
TLS encryption for all client and system communications
Secure, HTTP-only cookies for authentication sessions
Sensitive credentials and configuration values are centrally managed and access-controlled.
Supports: Protection of sensitive data and secure information handling
Identity and access management
Identity and access management Access to TankAware CMMS is governed by strict authentication and authorization controls.
Role-Based Access Control (RBAC)
Fine-grained permissions by user role
Email verification required prior to account activation
Strong password complexity requirements
Optional Multi-Factor Authentication (2FA)
Infrastructure access is restricted through cloud-native identity and access management policies.
We follow the principle of least privilege across application and infrastructure layers.
Supports: Controlled user access and secure system authorization
Monitoring, logging, and threat visibility
Monitoring, logging, and threat visibility Comprehensive logging and monitoring are enabled across the TankAware CMMS environment.
This includes:
Administrative activity logging
Network flow monitoring
Web firewall event logging
Application and database logging
Real-time monitoring and alerting
These controls provide operational visibility, anomaly detection capability, and forensic traceability.
Supports: Operational visibility, auditability, and timely threat detection
Availability, backup, and resilience
Availability, backup, and resilience TankAware CMMS is engineered for reliability and operational continuity.
Load-balanced architecture
Automated health checks
Automated database backups
Point-in-time recovery capability
Infrastructure-as-code for rapid environment restoration
Our architecture supports high availability and fault tolerance appropriate for operational systems.
Supports: Business continuity, data recovery, and system reliability
Secure development lifecycle
Secure development lifecycle Security is embedded throughout the TankAware CMMS development process.
We conduct:
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Dependency vulnerability scanning
Code quality and security review prior to release
Identified Medium, High, or Critical vulnerabilities are remediated and validated prior to production deployment.
Supports: Reduced application risk and more secure software releases
Patch and vulnerability management
Patch and vulnerability management We leverage managed cloud services for TankAware CMMS to reduce infrastructure patching risk and maintain up-to-date system components.
Application dependencies are routinely scanned for vulnerabilities, and remediation is prioritized based on severity and impact.
Supports: Ongoing system security and reduced exposure to known vulnerabilities
Compliance and standards alignment
Compliance and standards alignment TankAware CMMS operates on AWS infrastructure certified under globally recognized security frameworks, including:
SOC 1 / SOC 2 / SOC 3
ISO 27001
ISO 27017
ISO 27018
PCI DSS Level 1
FedRAMP
Our platform supports alignment with Canadian privacy regulations, including PIPEDA.
Supports: Audit readiness and alignment with recognized security standards
Shared responsibility model
Shared responsibility model TankAware CMMS follows the AWS Shared Responsibility Model:
AWS secures the underlying cloud infrastructure
TankAware CMMS secures the application layer, configuration, and customer data within the platform
This layered model ensures accountability and comprehensive protection.
Supports: Clear accountability for infrastructure and application security
Continuous security improvement
Continuous security improvement Security is not static. We continuously evaluate and improve TankAware CMMS controls, monitoring, and development practices to address evolving threats and regulatory expectations.
Supports: Ongoing risk reduction and adaptation to evolving threats
Blog
Latest insights and best practices
Environmental compliance and regulation
Understanding environmental compliance regulations
Stay up-to-date with the latest regulatory requirements affecting fuel storage operations.
ESG and sustainability
The latest tutorials & product news
Gravida neque aliquam montes, eu congue purus senectus risus.
Maintenance and inspection best practices
See what’s coming next at WP Vantage
Convallis sit etiam ultrices odio at in ut adipiscing ipsum.
Security review and documentation
We understand the importance of formal information technology review processes.
Additional documentation, architecture summaries, and security questionnaire responses are available upon request. Please contact us using the Contact sales form.
Related information
Case studies and success stories
Discover how organizations use TankAware CMMS
Insights and best practices
Explore compliance and maintenance resources
Explore TankAware CMMS
Learn about our purpose-built platform
View pricing
View TankAware CMMS pricing
About TankAware
View information about TankAware
Contact TankAware
Start a conversation
Get started
Transform your compliance operations
Discover why TankAware CMMS helps teams stay audit-ready and operate with confidence.