Security
Last Updated: May 7, 2024
Our Security Commitment
At Fortify Risk AI, security is at the core of everything we do. We understand the critical nature of the work we perform for our clients and are committed to maintaining the highest standards of security in our operations, infrastructure, and service delivery.
Security Infrastructure
Our security infrastructure is built on industry-leading practices and technologies:
- Cloud Security: We leverage enterprise-grade cloud infrastructure with advanced security controls, including encryption at rest and in transit, network segmentation, and continuous monitoring.
- Data Encryption: All sensitive data is encrypted with AES-256, both at rest and in transit.
- Access Controls: We implement strict role-based access controls (RBAC) with multi-factor authentication (MFA) for all systems housing client data.
- Network Security: Our network architecture includes multiple layers of security, including firewalls, intrusion detection and prevention systems, and advanced threat protection.
- Monitoring and Alerting: 24/7 security monitoring and real-time alerting for any suspicious activities or potential security incidents.
Security Certifications and Compliance
We maintain compliance with relevant security standards and regulations:
- SOC 2 Type II: Independently audited for security, availability, processing integrity, confidentiality, and privacy controls.
- HIPAA Compliance: Our systems and processes align with HIPAA requirements for handling protected health information.
- GDPR: We maintain compliance with the General Data Protection Regulation for handling personal data of EU citizens.
- CCPA: Our practices align with the California Consumer Privacy Act requirements.
Security Operations
Our security operations include:
- Security Team: Dedicated security professionals with extensive experience in information security, compliance, and risk management.
- Vulnerability Management: Regular vulnerability scanning, penetration testing, and remediation processes.
- Patch Management: Timely application of security patches and updates across all systems.
- Incident Response: Comprehensive incident response plan with defined roles, procedures, and communication protocols.
- Backup and Recovery: Regular data backups and tested disaster recovery procedures.
Employee Security
Our security practices extend to our team members:
- Background Checks: Thorough background checks for all employees before hiring.
- Security Training: Mandatory security awareness training for all employees, with regular updates and testing.
- Confidentiality: All employees sign confidentiality and non-disclosure agreements.
- Secure Development: Our development team follows secure coding practices and undergoes regular security training.
Client Data Security
We treat your data with the utmost care:
- Data Segregation: Client data is logically segregated to ensure privacy and security.
- Data Minimization: We collect and retain only the data necessary to provide our services.
- Secure Data Transfer: All data transfers occur over encrypted channels.
- Data Retention: We maintain clear data retention policies and secure data deletion procedures.
Security Assessments and Audits
We regularly assess and audit our security posture:
- Independent Audits: Regular third-party security assessments and penetration testing.
- Internal Audits: Frequent internal security reviews and compliance checks.
- Continuous Improvement: We continuously evaluate and enhance our security controls and processes.
Security Incident Reporting
If you believe you have discovered a security vulnerability or incident related to our services, please report it immediately to security@fortifyrisk.ai.
We will investigate all legitimate reports and do our best to quickly address any vulnerabilities. We appreciate your help in keeping our platform secure.
Contact Our Security Team
For any questions regarding our security practices or to request more information about our security controls, please contact:
Email: security@fortifyrisk.ai
Phone: (800) 123-4567