ISO AND SOC COMPLIANCE
Here at Factana, we have mandated a regular auditing of Fogwing platform and practices according to the Trust Services Criteria defined by The American Institute of Certified Public Accountants (AICPA) and has obtained a Service Organization Control 2 (SOC2) Type 1 report.
This external assurance audit is performed annually to get independent feedback on the effectiveness of the system design and cloud operating strength of the implemented controls.
Well established Information Security policies and procedures have been deployed to protect our customer data and adhere to the security standards prescribed by AICPA.
The following policies are covered by our Information Security and Service Management System:
- Code of Business Conduct
- Change Management
- Data Retention
- Data Backup
- Information security
- Vendor management
- Risk management
- Password management
- Media disposal
- Incident management
- Endpoint security
- Disaster recovery
- Data classification
- Business continuity
- Access control
- Acceptable usage
- Vulnerability management
We take a multilayered approach of application security, by ensuring everything from engineering to deployment, including architecture and quality assurance processes, complies with the highest security standards.
In addition, we comprehensively review every aspect of security, including cloud architecture, application level, network, and operational security. Periodic internal audits of all policies, vulnerability assessments, 3rd-party penetration tests and vendor risk assessments are carried out.
For detailed report about our security compliance and standards, visit our compliance site.
DATA PROTECTION
At Fogwing, we are committed to safeguarding the privacy and security of your personal data. This Data Protection Agreement (DPA) outlines how we collect, use, disclose, and protect your information when you visit our website.
Factana’s Fogwing Industrial Cloud is hosted on Microsoft Azure Cloud, the leading cloud infrastructure platform in the industry. Azure provides extensive set of industry-standard certifications with regular auditing to ensure compliance, including:
- SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II)
- SOC2
- SOC3
- FISMA, DIACAP, and FedRAMP
- PCI DSS Level 1
- ISO 27001
- ITAR
- FIPS 140-2
- ISO 27001/9001 certified
- ISO 27017/27018 certified
- Cloud Computing Compliance Controls
In addition to cloud security provided by Azure Infrastructure, we also enforced additional security to protect the infrastructure from external interferences.
The following are enforced as part of our application infrastructure and services.
- End to end Data encryption in transit between IoT Devices and Cloud Gateway using TLS in transit
- Disk encryption at rest – Data Disk Storage is encrypted on servers using Azure native AES-256 support.
- Authentication controls – Enforced native authentication within application infrastructure, IP address restrictions for API access, and forced resets, as well as optional single sign-on support with Office 365
- Our applications provide role-based access controls for every customer account with end user viewing, access & uploading permissions
- Administrative auditing – Manage users, groups, and access permissions, and audit user activity
We are constantly working with internal and external experts to apply further security controls and protections for on-going data protections.
To access our SOC2 audit report or DPA questions, please reach out to us [email protected] and we’d be happy to share with you.