Security

Your Firm’s Security Is Our Top Priority

Firm360 ensures bank-level security with encryption, multi-factor authentication, and continuous monitoring to protect sensitive data. Our secure cloud infrastructure and strict compliance standards keep your information safe.

Amazon Hosting Provider

Firm360 software is hosted on Amazon AWS infrastructure. This is the same infrastructure that hosts amazon.com and many other popular websites around the internet. Their infrastructure has been proven secure and complies with the strictest industry standards including ISO 27001 and SOC2.

The security and privacy of your data are very important to us. Firm360 has been designed from the start using industry-standard patterns for maximum data security.

  • All servers are secured and kept up to date.
  • All data is encrypted in transit using SSL.
  • All data is encrypted at rest using publicly available industry standard algorithms.
  • All data is backed up to multiple data centers in different regions of the US. Backups can be recovered to any point in time up to 30 days back.
  • We will not share any of your data with any external parties.

Security Assessments

Firm360 undergoes an extensive third-party audit annually to certify our SOC2 Type II compliance. A copy of our latest SOC2 report is available for customers or prospective customers as needed.

In addition, Firm360 maintains compliance with the CSA STAR Level 1 security assessment. This compares our platform against industry best practices. View report.

Payments Security

Firm360 uses Stripe (www.stripe.com) to process payments online. All payment card data is stored directly on Stripe PCI DSS validated servers. You can view our PCI SAQ questionnaire here.

Server Security

All servers run the latest operating systems, are configured for maximum security, and are kept up to date with the latest available security patches. Access to resources is granted using the “principle of least privilege”: only the resources that are required are granted. All systems are monitored 24×7 for any type of breach or other outage.

Encryption

All data is encrypted using Secure Sockets Layer (SSL) 256-bit encryption when in transit from your computer to our servers, and any time it is transferred between our servers. All data stored on our servers is stored using the industry standard AES-256 encryption algorithm.

Authentication

All end users and internal staff access the system using unique usernames and passwords. Password requirements are enforced to prevent weak passwords. End users are encouraged to enable “Two-Factor Authentication” so that access to the system requires access to their mobile phone as well. Internal staff users all have “Two-Factor Authentication” enabled. All login events are audited and reviewed.

Backups

Your data and uploaded documents are backed up and stored securely in multiple redundant locations in multiple data centers, across different regions of the US.

Data Exports

Firm360 fundamentally believes that the data you store in the Firm360 platform belongs to YOU. Most data in the platform has an export feature in the system if you need access to the data. This includes Clients, Billing, Projects, etc.

For Documents, you can request an export of all your documents. These exports can be very large and need to be delivered and managed securely. If you are terminating your subscription, this export will be provided for free upon request. In all other cases, you will be charged a service fee for generating and delivering the export of your documents.