Security and Privacy at FutureOn

Application security is of the highest importance at FutureOn. During our Software Development Lifecycle (SDLC) we continuously scan FieldTwin for zero-day exploits and known software vulnerabilities.

All FieldTwin staging and production infrastructure is hosted in our Cloud Service Provider (CSP) environments. Therefore, all physical and environmental related controls which includes access to buildings are managed by our chosen CSP partners.

Our selected partners are certified to SOC1, SOC2, SOC3, ISO 27001, ISO 27017, ISO 27018 and PCI DSS.

Every employee at FutureOn from Sales to Development, including contractors undergoes in-depth cyber security awareness, GDPR awareness and privacy awareness training on their first day.

We run regular internal training sessions and all employees must keep up-to date and have attended a refresher at least once yearly.

FutureOn provides all of our clients, at no additional cost the functionality to implement Single Sign On using their preferred identity provider. We support Microsoft On-Premise AD, Azure AD, SAML 2.0 and OIDC.

We believe SSO is a core security requirement for any company, and is critical to IT and Security Teams to effectively manage user access.

We ensure encryption of all information while it’s in transfer and at rest. Data uploaded, created or stored in FieldTwin is considered customer confidential and customer owned. This data is protected in transit across public networks and encrypted.

All data transmitted between FieldTwin and a FieldTwin end user browser session is protected using TLS and HTTP Strict Transport Security (HSTS). 256-bit advanced encryption standard, with regular encryption key rotation.

We also allow customers to provide their own encryption key. We use strong 2048-bit keys for our SSL certificates, sign authentication tokens with SHA256 HMAC signatures and use BCrypt for password storage.