Last updated June 2022
Firm360 software is hosted on Amazon AWS infrastructure. This is the same infrastructure that hosts amazon.com and many other popular websites around the internet. Their infrastructure has been proven secure and comply with the strictest industry standards including ISO 27001 and SOC2.
The security and privacy of your data is very important to us. Firm360 has been designed from the start using industry standard patterns for maximum data security.
Firm360 has achieved CSA STAR Level 1 security assessment. This compares our platform against industry best practices.
Firm360 uses Stripe (www.stripe.com) to process payments online. All payment card data is stored directly on Stripe PCI DSS validated servers. You can view our PCI SAQ questionnaire here.
All servers run the latest operating systems, and are configured for maximum security, and kept up to date with the latest available security patches. Access to resources is granted using the “principle of least privilege” - only grant resources that are required. All systems are monitored 24x7 for any type of breach or other outage.
All data is encrypted using Secure Sockets Layer (SSL) 256-bit encryption when in transit from your web computer to our servers, and any time it is transferred between our servers.
All data is stored on our servers is stored using the industry standard AES-256 encryption algorithm.
All end users and internal staff access the system using unique usernames and passwords. Password requirements are enforced to prevent weak passwords. End users are encouraged to enable “Two-factor Authentication” so that access to the system requires access to their mobile phone as well. Internal staff users all have “Two-Factor Authentication” enabled. All login events are audited and reviewed.
Your data and uploaded documents are backed up and stored securely in multiple redundant locations in multiple datacenters, across different regions of the US.