Security and Privacy by Design
In the face of evolving cyber threats, information security is at the forefront of everyone’s mind. Customers and clients want to be assured that there are systems in place to safeguard their sensitive data. At Finicast, we have committed ourselves to the highest standards of security to deliver trust and assurance to customers.
The core tenets of Finicast’s security program are to safeguard customer data and to maintain customer trust. Finicast has implemented layers of security throughout our organization. We’re passionate about defining new security controls and continuously refining our existing ones.
Our security program is driven not only by compliance and regulatory requirements but also by industry best practices like SOC 2, ISO 27001, and HIPAA. We apply the principle of least privilege on access controls to ensure that employees are only given the level of access required for their job duties. Additionally, we utilize role-based access control to assign access privileges.
SOC 2 Type 2 Compliance
SOC 2 is a reporting framework developed by the American Institute of CPAs (AICPA) to help service organizations, such as software vendors, demonstrate their security posture and service commitments to prospective and existing customers. Our platform meets the strict requirements for the trust services categories.
SOC 2 compliance is based on specific requirements for effectively handling client data, divided into five the Trust Service Principles:
- Privacy: How data is collected, used, retained and disclosed as part of its use by an organization.
- Confidentiality: Data designated as confidential remains confidential during use by an organization.
- Security: Data is protected against unauthorized access, theft, breach, or disclosure;also called the “common criteria.”
- Processing Integrity: All data processing systems are complete, valid, accurate, and timely based on an organization’s needs.
- Availability: Data is visible and ready to use as part of a business’s processes.
Any company can say they make the customer’s safety and security a top priority, but not all of them can prove it. Our SOC 2 Type 2 report is available to Finicast customers and prospects upon request.
Finicast is ISO 27001 certified. ISO 27001 is a globally recognized standard for the establishment and certification of an information security management system (ISMS). The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented ISMS within the context of the organization’s overall business risks. It sets forth a risk-based approach that focuses on adequate and proportionate security controls that protect information assets and give confidence to interested parties. Please feel free to contact us at firstname.lastname@example.org if you have any security or privacy-related questions, concerns, or comments.
Health Insurance Portability and Accountability Act (HIPAA)
The Finicast Platform supports HIPAA compliance with the Security and Breach Notification Rule in the role of a Business Associate. Finicast will enter into Business Associate Agreements with customers as necessary under HIPAA, but customers are ultimately responsible for evaluating their own services and products for HIPAA compliance.
Secure by Design
The core tenets of Finicast’s security program are to safeguard customer data and to maintain customer trust. We’re passionate about defining new security controls and continuously refining our existing ones so you can be assured that your information is safe and protected.