We understand the trust customers place in our product and services. The security and confidentiality of customer information is fundamental to everything we do. We therefore publish our information security and compliance practices, and keep our customers updated on our security practices and roadmap.
Security is built into the DNA of our organization and the core of our products. We employ best-in-class controls to secure data including encryption in transit and at rest, multi-factor authentication for access to systems, and internal programs centered around data security.
Fieldguide employees are granted access to least-necessary data to fulfill their job duties. All changes to an employee or contractor’s status (e.g. activation, termination, or position change) is logged to ensure timely access changes.
All Fieldguide assets are tracked and centrally managed. All employee hardware devices have full-disk encryption, antivirus, and firewalls and can be wiped remotely.
Risks are documented and reviewed annually and on an as-needed basis by Fieldguide’s Information Security Team. A roadmap is maintained of all planned information security improvements.
All vendors are vetted for security and compliance standards before contract initiation, all data stored with vendors is categorized, and all vendors are centrally managed by Fieldguide’s Information Security team and reviewed at least annually.
Fieldguide works with large organizations performing mission critical audit and compliance work. Our platform is architected for high availability, ensuring it's there to support your organization when you need it.
Fieldguide develops Business Continuity Playbooks to plan for adverse business events. It runs through each playbook on at least a quarerly basis as part of a simulated testing process.
Incidents go through four phases: Investigation & Diagnosis, Notification Strategy, Containment, and Eradication. All incidents result in the creation of a Root Cause Analysis (RCA) report.
Significant changes to the platform are controlled via a Change Control document that covers all aspect of the change, as well as necessary internal and external communications.
Fieldguide follows a Software Development Lifecycle (SDLC) that outlines activities across the following phases: Planning, Design, Development, Deployment, Vulnerability Management
Fieldguide is committed to protecting the privacy of your organization's data. Our data classification policies, ability to export data, and our transparent list of vendors are designed to provide you with peace of mind as your firm scales.
Fieldguide completes a SOC 2 (System and Organization Controls) Type 2 examination by a 3rd party audit firm on an annual basis. This report focuses on the security, availability, and confidentiality of its platform. Fieldguide's latest report is effective July 31, 2021.
Fieldguide regularly monitors its formal compliance initiatives and considers additional certifications on an as-needed basis.