Fieldguide understands the trust customers place in its product and services. The security and confidentiality of customer information is one of our company's core objectives. We publicize our information security and compliance practices and keep our customers updated on our security roadmap.
This page provides a high-level overview of the steps taken to ensure the security of Fieldguide’s platform and data.
Security is built into the DNA of our organization and the core of our products. We employ best-in-class controls to secure data including encryption in transit and at rest, multi-factor authentication for access to systems, and numerous internal programs centered around data security.
Data in transit is protected by TLS: server certificates are signed with SHA-256 (a SHA-2 hash, which authenticates the server but is not the cipher protecting the session), and connections are negotiated with cipher suites that use AES-128 encryption with SHA-256. Data at rest is encrypted with AES-256 using block-level storage encryption on Amazon Web Services.
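The transport claim above is the one a customer can verify from the outside. The following script is an added example, not code from this page or from Fieldguide: it connects with a client context that refuses anything weaker than TLS 1.2 with ECDHE and AES-GCM, then grades the cipher the server actually negotiated against the stated AES-128/SHA-256 policy. The hostname `example.com` is a placeholder, and the policy thresholds (TLS 1.2 minimum, AEAD required on TLS 1.2) are the checker's own assumptions, stricter than the page requires.

```python
"""Check a TLS endpoint against the in-transit claims (added example).

Assumptions not taken from the page: TLS 1.2 is the floor, TLS 1.2 suites
must be AEAD (GCM/CCM), and the certificate's signature algorithm, which
the stdlib does not expose, is confirmed separately with
`openssl x509 -noout -text`.
"""
import socket
import ssl

SHA2_SUFFIXES = ("SHA256", "SHA384")  # OpenSSL suite names end with the PRF/MAC hash


def hardened_client_context():
    """Client context that only negotiates TLS 1.2+, ECDHE key exchange and
    AES-GCM; certificate and hostname validation stay enabled."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2 suite filter; TLS 1.3 suites are fixed by OpenSSL and all AEAD.
    ctx.set_ciphers("ECDHE+AESGCM:!aNULL:!MD5:!RC4")
    return ctx


def evaluate_cipher(name, protocol, bits):
    """Return the policy violations for a negotiated cipher (empty list = pass).

    `name`, `protocol`, `bits` are the three fields of SSLSocket.cipher().
    """
    problems = []
    if protocol not in ("TLSv1.2", "TLSv1.3"):
        problems.append(f"protocol {protocol} is older than TLS 1.2")
    if "AES" not in name:
        problems.append(f"{name} is not an AES suite")
    if bits < 128:
        problems.append(f"key length {bits} is below 128 bits")
    if not name.endswith(SHA2_SUFFIXES):
        problems.append(f"{name} does not use a SHA-2 MAC/PRF")
    if protocol == "TLSv1.2" and "GCM" not in name and "CCM" not in name:
        problems.append(f"{name} is a CBC+HMAC suite, not AEAD")
    return problems


def check_endpoint(host, port=443, timeout=5.0):
    """Connect with the hardened context and report what was negotiated.

    Requires network access; the caller supplies the hostname.
    """
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, protocol, bits = tls.cipher()
            cert = tls.getpeercert()
    return {
        "cipher": name,
        "protocol": protocol,
        "bits": bits,
        # Each RDN in getpeercert() is a tuple of (attribute, value) pairs.
        "issuer": dict(rdn[0] for rdn in cert["issuer"]),
        "not_after": cert["notAfter"],
        "violations": evaluate_cipher(name, protocol, bits),
    }


if __name__ == "__main__":
    import sys

    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder host
    report = check_endpoint(host)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it as `python check_tls.py app.example` with the real hostname; a non-empty `violations` list means the server accepted a downgrade from the hardened client, which is exactly what the page's claim says should not happen. A handshake failure is also informative: it means the server offers nothing the strict context will accept.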
Fieldguide utilizes a secure, highly available database architecture, including leader-follower databases, automatic failover, Write-Ahead Logging, and point-in-time and snapshot-based rollback capabilities.
All Fieldguide accounts utilize multi-factor authentication and require strong passwords that meet OWASP and IRS standards.
Access Management: Fieldguide employees are granted access only to the data necessary to fulfill their job duties. All changes to an employee's or contractor's status (e.g. activation, termination, or position change) are logged to ensure access is adjusted in a timely manner.
Asset Management: All Fieldguide assets are tracked and centrally managed. All employee hardware devices have full-disk encryption, antivirus, and firewalls and can be wiped remotely.
Risk Management: Risks are documented and reviewed annually and on an as-needed basis by Fieldguide’s Information Security Team. A roadmap is maintained of all planned information security improvements.
Vendor Management: All vendors are vetted for security and compliance standards before contract initiation, all data stored with vendors is categorized, and all vendors are centrally managed by Fieldguide’s Information Security team and reviewed at least annually.
Fieldguide works with large organizations performing mission critical audit and compliance work. Our platform is architected for high availability, ensuring it's there to support your organization when you need it.
Fieldguide's cloud infrastructure is hosted and managed in Amazon Web Services (AWS) data centers that hold the following certifications and attestations: ISO 27001, SOC 1, SOC 2, PCI DSS Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).
Application monitoring and alerting runs 24/7 on Fieldguide's systems, ensuring errors and performance anomalies are identified and addressed.
Fieldguide offers a financially-backed SLA of 99.9% uptime, ensuring your organization can count on our products when you need them.
Business Continuity: Fieldguide develops Business Continuity Playbooks to plan for adverse business events. Each playbook is exercised at least quarterly as part of a simulated testing process.
Change Management: Significant changes to the platform are controlled via a Change Control document that covers all aspects of the change, as well as the necessary internal and external communications.
Incident Management: Incidents go through four phases: Investigation & Diagnosis, Notification Strategy, Containment, and Eradication. All incidents result in the creation of a Root Cause Analysis (RCA) report.
Secure SDLC: Fieldguide follows a Software Development Lifecycle (SDLC) that defines security activities across the following phases: Planning, Design, Development, Deployment, and Vulnerability Management.
Fieldguide is committed to protecting the privacy of your organization's data. Our data classification policies, ability to export data, and our transparent list of vendors are designed to provide you with peace of mind as your firm scales on Fieldguide.
Fieldguide offers a Data Processing Addendum and adheres to Standard Contractual Clauses as a means to transfer data from the EU to the US. More information on Fieldguide's data privacy with respect to GDPR and CCPA can be found in our Privacy Policy.
Your organization owns its data. Fieldguide makes it easy to export data in standard formats. Data deletion requests can be directed to privacy@fieldguide.io.
Fieldguide does not sell or share your data with 3rd parties. A limited number of data subprocessors are used to support certain Fieldguide operations and services, based on principles of least-necessary access.
Fieldguide completes a SOC 2 (System and Organization Controls) examination by a 3rd party audit firm on an annual basis. This report focuses on the security, availability, and confidentiality of its platform. Fieldguide's latest report is effective July 31, 2020.
Fieldguide regularly monitors its formal compliance initiatives and considers additional certifications on an as-needed basis.