
Industry Leading Security

FormFire is the provider of choice for any institution desiring the highest level of security and privacy. We work with a number of carriers and banks who simply will not do business with any organization that has not passed a rigorous audit and demonstrated an ability to maintain the same standards by which they abide. Highlights include:



Datacenters

FormFire applications are hosted from geographically redundant datacenters that meet a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2.


Security Auditing and Penetration Testing

In addition to internal vulnerability scans and risk analysis, FormFire works with professional cyber security organizations which aim to find any areas of weakness. These rigorous penetration tests are performed at least annually.


Employee Screening and Security Awareness Training

Employees at FormFire are subject to extensive background checks prior to hire. Every employee is provided with training on security and privacy policies and procedures. We must attend data security awareness courses annually, and throughout each year of employment, to ensure retention and application in our everyday jobs. Employee job descriptions are clearly written to include security roles and responsibilities for protecting data, and are reviewed regularly.


Full End-To-End Encryption

There are multiple levels of security in place to protect all private data stored in our systems. FormFire uses AES-256 encryption to protect all personal data stored in databases, as well as in transit between systems. FormFire’s web applications use an Extended Validation (EV) Certificate with a sha256RSA signature algorithm for encrypted internet access. Backups also use strong encryption and are stored securely in the cloud.