Security & Compliance

Fieldguide understands the trust customers place in its product and services. The security and confidentiality of customer information is one of our company's core objectives. We publicize our information security and compliance practices and keep our customers updated on our security roadmap.

This page provides a high-level overview of the steps taken to ensure the security of Fieldguide’s platform and data.


Security

Security is built into the DNA of our organization and the core of our products. We employ best-in-class controls to secure data including encryption in transit and at rest, multi-factor authentication for access to systems, and numerous internal programs centered around data security.

Encryption In Transit & At Rest

Data in transit is protected by SHA-2 certificates over connections secured with SHA-256 and AES-128. Data at rest is encrypted with AES-256 block-level storage encryption on Amazon Web Services.

Secure Data Architecture

Fieldguide utilizes a secure, highly available database architecture, including leader-follower databases, automatic failover, Write-Ahead Logging, and point-in-time and snapshot-based rollback capabilities.

Multi-Factor Authentication

All Fieldguide accounts utilize multi-factor authentication and require strong passwords that meet OWASP and IRS standards.

Internal Security Programs

Access Management: Fieldguide employees are granted access only to the least data necessary to fulfill their job duties. All changes to an employee's or contractor's status (e.g. activation, termination, or position change) are logged to ensure timely access changes.

Asset Management: All Fieldguide assets are tracked and centrally managed. All employee hardware devices have full-disk encryption, antivirus, and firewalls and can be wiped remotely.

Risk Management: Risks are documented and reviewed annually and on an as-needed basis by Fieldguide’s Information Security Team. A roadmap is maintained of all planned information security improvements.

Vendor Management: All vendors are vetted for security and compliance standards before contract initiation, all data stored with vendors is categorized, and all vendors are centrally managed by Fieldguide’s Information Security team and reviewed at least annually.

Reliability & Availability

Fieldguide works with large organizations performing mission-critical audit and compliance work. Our platform is architected for high availability, ensuring it is there to support your organization when you need it.

Secure Infrastructure

Fieldguide's cloud infrastructure is hosted and managed in Amazon Web Services (AWS) secure data centers that have been certified under ISO 27001, SOC 1, SOC 2, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).

Continuous Monitoring

Application monitoring and alerting runs 24/7 on Fieldguide's systems, ensuring errors and performance anomalies are identified and addressed.

Guaranteed Availability

Fieldguide offers a financially backed SLA of 99.9% uptime, ensuring your organization can count on our products when you need them.

Internal Reliability & Availability Programs

Business Continuity: Fieldguide develops Business Continuity Playbooks to plan for adverse business events. Fieldguide runs through each playbook on at least a quarterly basis as part of a simulated testing process.

Change Management: Significant changes to the platform are controlled via a Change Control document that covers all aspects of the change, as well as the necessary internal and external communications.

Incident Management: Incidents go through four phases: Investigation & Diagnosis, Notification Strategy, Containment, and Eradication. All incidents result in the creation of a Root Cause Analysis (RCA) report.

Secure SDLC: Fieldguide follows a Software Development Lifecycle (SDLC) that outlines activities across the following phases: Planning, Design, Development, Deployment, and Vulnerability Management.

Privacy

Fieldguide is committed to protecting the privacy of your organization's data. Our data classification policies, ability to export data, and our transparent list of vendors are designed to provide you with peace of mind as your firm scales on Fieldguide.

Compliance with GDPR and CCPA

Fieldguide offers a Data Processing Addendum and adheres to Standard Contractual Clauses as a means to transfer data from the EU to the US. More information on Fieldguide's data privacy with respect to GDPR and CCPA can be found in our Privacy Policy.

Data ownership & portability

Your organization owns its data. Fieldguide makes it easy to export data in standard formats. Data deletion requests can be directed to privacy@fieldguide.io.

Data transparency

Fieldguide does not sell or share your data with third parties. A limited number of data subprocessors are used to support certain Fieldguide operations and services, based on the principle of least-necessary access.

SOC 2 Compliance

Fieldguide completes a SOC 2 (System and Organization Controls) examination by a third-party audit firm on an annual basis. This report focuses on the security, availability, and confidentiality of its platform. Fieldguide's latest report is effective July 31, 2020.

Fieldguide regularly monitors its formal compliance initiatives and considers additional certifications on an as-needed basis.