Fosfor aligns with industry-leading standards to ensure that our security practices meet or exceed global benchmarks. Our commitment to compliance not only strengthens our internal processes but also helps our customers achieve their own compliance objectives.
Fosfor maintains a strong alignment with industry best practices and standards, allowing us to meet a wide range of compliance needs across different sectors. We actively participate in industry groups and maintain memberships with relevant organizations to stay at the forefront of security and privacy developments.
Data hosting location: Fosfor hosts customer data in state-of-the-art data centres across the United States, Europe, and Asia Pacific. These locations are strategically chosen to ensure data redundancy and compliance with local regulations. Customers have the option to select specific data hosting regions to meet their regulatory and operational needs.
Vendor security: Fosfor rigorously evaluates and monitors third-party vendors that have access to our systems or customer data. We conduct thorough security reviews to minimize risks and ensure that all vendors adhere to our stringent security standards.
Fosfor employs a multi-layered approach to network security, leveraging advanced technologies and best practices to protect against a wide range of threats.
Dedicated security team: Our security team is available 24/7 to respond to any security alerts or incidents. This team continuously monitors our environment and takes proactive measures to prevent potential security breaches.
Protection: Fosfor’s network is safeguarded by integrating key security services. Regular audits and the use of network intelligence technologies enable us to detect and block malicious traffic, ensuring the integrity of our systems.
Architecture: Our network security architecture is built on the principle of least privilege and segregates systems into multiple security zones based on their sensitivity. More critical systems, like database servers, are placed in highly trusted zones with enhanced monitoring and access controls.
Network vulnerability scanning: Fosfor conducts continuous network vulnerability scanning to quickly identify and remediate potential vulnerabilities. This proactive approach allows us to maintain a robust security posture.
Fosfor’s Security Information and Event Management (SIEM) system provides real-time visibility into our network, enabling us to detect and respond to security incidents swiftly.
Intrusion detection and prevention: Our systems are equipped with advanced intrusion detection and prevention mechanisms that monitor for abnormal behaviour. These systems generate alerts when incidents exceed predefined thresholds, allowing our security team to take immediate action.
DDoS mitigation: Fosfor employs a multi-layered defence strategy to protect against Distributed Denial of Service (DDoS) attacks.
Access to Fosfor’s production environment is tightly controlled and based on the principle of least privilege. Only authorized personnel with a legitimate need-to-know are granted access, and this access is frequently audited and monitored.
In the event of a security incident, Fosfor has established processes to ensure a swift and effective response. Our teams are trained in incident response protocols, which include predefined communication channels and escalation paths to manage incidents efficiently.
Fosfor uses encryption to protect data both in transit and at rest, ensuring that your information is secure at all times.
Encryption in transit: All communications between Fosfor’s user interfaces (UI) and APIs are encrypted using industry-standard HTTPS/TLS protocols (TLS 1.2 or higher). This protects your data from eavesdropping during transmission over public networks.
Encryption at rest: Customer data stored in Fosfor’s systems is encrypted at rest using AES-256, a highly secure encryption standard. This ensures that your data remains protected even if physical security controls are compromised.
Fosfor is committed to providing reliable services with high availability and robust disaster recovery plans.
Redundancy: Our infrastructure includes multiple layers of redundancy, such as service clustering and network redundancies, to eliminate single points of failure. This design helps us deliver consistent service levels, even in the event of hardware or network failures.
Disaster recovery: Fosfor’s Disaster Recovery (DR) program ensures that our services can be quickly restored in the event of a disaster. This program includes regular testing of disaster recovery plans, replication of critical data across multiple availability zones, and prioritization of recovery operations for customers who opt for our Enhanced Disaster Recovery service.
Fosfor integrates security into every stage of our software development lifecycle (SDLC) to ensure that our applications are secure by design.
Secure Development Lifecycle (SDLC): All Fosfor developers undergo annual secure code training, which is based on the OWASP Top 10 security risks. We use modern, secure frameworks that include built-in controls to mitigate common vulnerabilities like SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).
Quality Assurance: Our Quality Assurance (QA) team rigorously tests our codebase to identify and resolve security vulnerabilities before they reach production. Dedicated application security engineers are involved throughout the development process to provide expert guidance and support.
Vulnerability Management: Fosfor employs third-party security tools to continuously scan our applications for vulnerabilities. We also engage third-party security experts to perform detailed penetration tests, ensuring that any identified issues are promptly remediated.
Fosfor’s products include robust security features designed to protect your data and ensure that only authorized users have access.
Authentication security: Fosfor offers several authentication options, including native authentication, Single Sign-On (SSO) with popular identity providers, and two-factor authentication (2FA) for added security. These options help you tailor access controls to meet your organization’s security requirements.
Fosfor understands that security begins with our people. We invest in comprehensive security training and vetting processes to ensure that our team is well-equipped to protect your data.
Security awareness: All Fosfor employees receive security awareness training upon joining the company and annually thereafter. This training covers essential security topics, including phishing awareness, secure data handling, and incident reporting. Additionally, engineers receive specialized secure code training to reinforce best practices in software development.
Employee vetting: Fosfor conducts background checks on all new hires in accordance with local laws. These checks include criminal, education, and employment verification, ensuring that only trustworthy individuals have access to sensitive information. All employees and contractors are also required to sign Non-Disclosure and Confidentiality agreements.
Fosfor provides transparency in our legal and compliance practices, helping our customers meet their own regulatory requirements.
Agreements and policies: Fosfor’s legal agreements and policies are designed to provide clear and detailed information about our services, data protection practices, and security measures. These documents support our customers in achieving compliance with regulations such as GDPR, CCPA, HIPAA, and others.