FluentPro’s information systems and technical infrastructure are hosted on the Microsoft Azure Cloud, which provides robust physical datacenter security and environmental controls. The Microsoft Azure infrastructure is designed and managed to meet a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2.
Security controls provided by our Cloud provider facilities include, but are not limited to:
- 24/7 physical security guard services;
- Extensive physical entry restrictions to the building, facilities, and datacenter floor;
- Biometric access with two-factor authentication;
- Video camera monitoring, full body metal detection screening, and security scans;
- Independent power, cooling, and networking for each availability zone within the Azure region.
We comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission. The framework provides FluentPro a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States. You can find more information about our commitment to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework in our Privacy Shield Policy. Our active participation in the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework can be viewed on their website located here.
FluentPro is also working towards ISO 27001 certification. Becoming certified will attest to our customers the integrity of FluentPro’s Information Security Management System (ISMS). Please check back here or on our blog for an update when we are certified.
All FluentPro-issued portable devices are equipped with full hard-disk encryption and have the proper protection mechanisms installed, such as password protection, biometric authentication, and up-to-date antivirus software.
Our solutions do not have embedded password management. Instead, they support single sign-on authentication with Microsoft Office 365 / Azure Active Directory, which allows you to apply the password policy that is set in your organization. Our internal password policy has strong complexity, expiration, and lockout requirements. FluentPro grants access on a “need to know”, least-privilege basis only after formal approval by the IT staff and management, reviews permissions quarterly, and revokes access immediately after employee termination.
FluentPro conducts background screening at the time of hire (to the extent permitted by the applicable laws in the country of employment). In addition, FluentPro communicates its information security policies to all personnel (who must acknowledge this), requires employees to sign non-disclosure agreements, and provides ongoing privacy and security training.
Our development team employs secure coding techniques and best practices of software development. Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, testing, and audit purposes prior to deployment into the production environment.
All customer data in storage and in transit is encrypted with FIPS 140-2 compliant encryption algorithms. All connections to our websites or services are protected via the use of encrypted connections, such as the Transport Layer Security (TLS) protocol.
Vulnerability and Patch Management
FluentPro maintains a documented vulnerability and patch management program that is performed on all servers to protect systems from known vulnerabilities. The vulnerability scans and patch management are performed on a monthly basis. All servers owned or maintained by FluentPro are regularly updated with the latest security patches and updates to ensure the security of FluentPro IT assets and the data that resides on those servers.
Business Continuity Management
We employ various preventive measures to address information security aspects of disaster recovery and business continuity management. Our databases and virtual machines are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and are tested regularly to ensure availability. For all our storage accounts, we have geo-redundant storage (GRS) enabled, which maintains six copies of data and makes all data durable, even in the case of a complete regional outage or a disaster in which the primary region is not recoverable.