FormFire is the provider of choice for any institution desiring the highest level of security and privacy. We work with a number of carriers and banks who simply will not do business with any organization that has not passed a rigorous audit and demonstrated an ability to maintain the same standards by which they abide. Highlights include:
FormFire maintains two geographically distinct SAS-70 Type II compliant datacenters. Each could handle the full peak load of our users, and both provide some of the highest physical security available.
Security Auditing and Penetration Testing
In addition to internal vulnerability scans and risk analysis, FormFire works with professional cyber security organizations which aim to find any areas of weakness. These rigorous penetration tests are performed at least annually.
Employee Screening and Security Awareness Training
Employees at FormFire are subject to extensive background checks prior to hire. Every employee is provided with training on security and privacy policies and procedures. We must attend data security awareness courses annually and throughout each year of employment, to ensure retention and application in our everyday jobs. Employee job descriptions are clearly written to include security roles and responsibilities for protecting data, and are reviewed regularly.
Full End-To-End Encryption
There are multiple levels of security in place to protect all private data stored in our systems. FormFire uses AES-256 encryption to protect all personal data stored in databases, as well as in transit between systems. FormFire’s web applications use an Extended Validation (EV) certificate with a sha256RSA signature algorithm for encrypted internet access. Backups also use strong encryption and are stored securely in the cloud.