You’re entrusting FutureOn with your data, and we take that responsibility very seriously and it is one of our highest priorities. See below just some of the measures we take to keep your data safe, prevent leaks and block unauthorized access:
Security and Privacy at FutureOn
Continuous vulnerability scans
Application security is of the highest importance at FutureOn. During our Software Development Lifecycle (SDLC) we continuously scan FieldTwin for zero-day exploits and known software vulnerabilities.
Regular third-party penetration tests
We’re committed to regular third-party penetration tests and code auditing, usually on a quarterly basis. We publish these findings with potential and existing customers.
All FieldTwin staging and production infrastructure is hosted in our Cloud Service Provider (CSP) environments. Therefore, all physical and environmental related controls which includes access to buildings are managed by our chosen CSP partners.
Our selected partners are certified to SOC1, SOC2, SOC3, ISO 27001, ISO 27017, ISO 27018 and PCI DSS.
Every employee at FutureOn from Sales to Development, including contractors undergoes in-depth cyber security awareness, GDPR awareness and privacy awareness training on their first day.
We run regular internal training sessions and all employees must keep up-to date and have attended a refresher at least once yearly.
FutureOn provides all of our clients, at no additional cost the functionality to implement Single Sign On using their preferred identity provider. We support Microsoft On-Premise AD, Azure AD, SAML 2.0 and OIDC.
We believe SSO is a core security requirement for any company, and is critical to IT and Security Teams to effectively manage user access.
We host FieldTwin data in state-of-the-art data centres, usually in Google Cloud, Microsoft Azure or Amazon Web Services. The location depends on the needs of the individual customer and applicable laws, but we are happy to deploy FieldTwin to the customers preferred location if it is available to us.
Highest Industry Standard Encryption
We ensure encryption of all information while it’s in transfer and at rest. Data uploaded, created or stored in FieldTwin is considered customer confidential and customer owned. This data is protected in transit across public networks and encrypted.
All data transmitted between FieldTwin and a FieldTwin end user browser session is protected using TLS and HTTP Strict Transport Security (HSTS). 256-bit advanced encryption standard, with regular encryption key rotation.
We also allow customers to provide their own encryption key. We use strong 2048-bit keys for our SSL certificates, sign authentication tokens with SHA256 HMAC signatures and use BCrypt for password storage.
You can find more in-depth information about our Security and Privacy on this page.
You can also contact our security team by email at firstname.lastname@example.org for any security related queries.