What are the certifications a data product company needs? Why are they important and how will this information benefit the customer?

Fosfor aligns with industry-leading standards to ensure that our security practices meet or exceed global benchmarks. Our commitment to compliance not only strengthens our internal processes but also helps our customers achieve their own compliance objectives.

SOC 2 Type II

Fosfor undergoes regular audits to obtain SOC 2 Type II reports, which verify that we manage data securely to protect the privacy of our clients. These reports are available to customers upon request and under a Non-Disclosure Agreement (NDA).

ISO 27001:2013

Fosfor is certified under ISO 27001:2013, a globally recognized standard for information security management. This certification confirms that we have established, implemented, and maintained a robust information security management system (ISMS).

ISO 27017

Building upon ISO 27001, this certification specifically focuses on cloud security. It demonstrates our ability to safeguard data in cloud environments.

Industry-Based Compliance and Memberships

Fosfor maintains a strong alignment with industry best practices and standards, allowing us to meet a wide range of compliance needs across different sectors. We actively participate in industry groups and maintain memberships with relevant organizations to stay at the forefront of security and privacy developments.

Cloud security and data center physical security

Data hosting location: Fosfor hosts customer data in state-of-the-art data centres across the United States, Europe, and Asia Pacific. These locations are strategically chosen to ensure data redundancy and compliance with local regulations. Customers have the option to select specific data hosting regions to meet their regulatory and operational needs.

Vendor security: Fosfor rigorously evaluates and monitors third-party vendors that have access to our systems or customer data. We conduct thorough security reviews to minimize risks and ensure that all vendors adhere to our stringent security standards.

Network security

Fosfor employs a multi-layered approach to network security, leveraging advanced technologies and best practices to protect against a wide range of threats.

Dedicated security team: Our security team is available 24/7 to respond to any security alerts or incidents. This team continuously monitors our environment and takes proactive measures to prevent potential security breaches.

Protection: Fosfor’s network is safeguarded by integrating key security services. Regular audits and the use of network intelligence technologies enable us to detect and block malicious traffic, ensuring the integrity of our systems.

Architecture: Our network security architecture is built on the principle of least privilege and segregates systems into multiple security zones based on their sensitivity. More critical systems, like database servers, are placed in highly trusted zones with enhanced monitoring and access controls.

Network Vulnerability Scanning: Fosfor conducts continuous network vulnerability scanning to quickly identify and remediate potential vulnerabilities. This proactive approach allows us to maintain a robust security posture.

Security Incident Event Management

Fosfor’s Security Incident Event Management (SIEM) system provides real-time visibility into our network, enabling us to detect and respond to security incidents swiftly.

Intrusion detection and prevention: Our systems are equipped with advanced intrusion detection and prevention mechanisms that monitor for abnormal behaviour. These systems generate alerts when incidents exceed predefined thresholds, allowing our Security Team to take immediate action.

DDoS mitigation: Fosfor employs a multi-layered defense strategy to protect against Distributed Denial of Service (DDoS) attacks.

Logical Access

Access to Fosfor’s production environment is tightly controlled and based on the principle of least privilege. Only authorized personnel with a legitimate need-to-know are granted access, and this access is frequently audited and monitored.

Security incident response

In the event of a security incident, Fosfor has established processes to ensure a swift and effective response. Our teams are trained in incident response protocols, which include predefined communication channels and escalation paths to manage incidents efficiently.

Encryption

Fosfor uses encryption to protect data both in transit and at rest, ensuring that your information is secure at all times.

Encryption in transit: All communications between Fosfor’s user interfaces (UI) and APIs are encrypted using industry-standard HTTPS/TLS protocols (TLS 1.2 or higher). This protects your data from eavesdropping during transmission over public networks.

Encryption at rest: Customer data stored in Fosfor’s systems is encrypted at rest using AES-256, a highly secure encryption standard. This ensures that your data remains protected even if physical security controls are compromised.

Availability & Continuity

Fosfor is committed to providing reliable services with high availability and robust disaster recovery plans.

Redundancy: Our infrastructure includes multiple layers of redundancy, such as service clustering and network redundancies, to eliminate single points of failure. This design helps us deliver consistent service levels, even in the event of hardware or network failures.

Disaster Recovery: Fosfor’s Disaster Recovery (DR) program ensures that our services can be quickly restored in the event of a disaster. This program includes regular testing of disaster recovery plans, replication of critical data across multiple availability zones, and prioritization of recovery operations for customers who opt for our Enhanced Disaster Recovery service.

Application Security

Fosfor integrates security into every stage of our software development lifecycle (SDLC) to ensure that our applications are secure by design.

Secure Development Lifecycle (SDLC): All Fosfor developers undergo annual secure code training, which is based on the OWASP top 10 security risks. We use modern, secure frameworks that include built-in controls to mitigate common vulnerabilities like SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).

Quality Assurance: Our Quality Assurance (QA) team rigorously tests our codebase to identify and resolve security vulnerabilities before they reach production. Dedicated application security engineers are involved throughout the development process to provide expert guidance and support.

Vulnerability Management: Fosfor employs third-party security tools to continuously scan our applications for vulnerabilities. We also engage third-party security experts to perform detailed penetration tests, ensuring that any identified issues are promptly remediated.

Product security

Fosfor’s products include robust security features designed to protect your data and ensure that only authorized users have access.

Authentication security: Fosfor offers several authentication options, including native authentication, Single Sign-On (SSO) with popular identity providers, and 2-Factor Authentication (2FA) for added security. These options help you tailor access controls to meet your organization’s security requirements.

HR security

Fosfor understands that security begins with our people. We invest in comprehensive security training and vetting processes to ensure that our team is well-equipped to protect your data.

Security awareness: All Fosfor employees receive security awareness training upon joining the company and annually thereafter. This training covers essential security topics, including phishing awareness, secure data handling, and incident reporting. Additionally, engineers receive specialized secure code training to reinforce best practices in software development.

Employee vetting: Fosfor conducts background checks on all new hires in accordance with local laws. These checks include criminal, education, and employment verification, ensuring that only trustworthy individuals have access to sensitive information. All employees and contractors are also required to sign Non-Disclosure and Confidentiality agreements.

Legal Compliance

Fosfor provides transparency in our legal and compliance practices, helping our customers meet their own regulatory requirements.

Agreements and policies: Fosfor’s legal agreements and policies are designed to provide clear and detailed information about our services, data protection practices, and security measures. These documents support our customers in achieving compliance with regulations such as GDPR, CCPA, HIPAA, and others.

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Accept
Privacy & Cookie policy
Privacy & Cookies policy
Cookie name Active

What is a cookie?

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. On future visits, this data is then returned to that website to help identify you and your site preferences. Our websites and mobile sites use cookies to give you the best online experience. Most Internet browsers support cookies; however, users can set their browsers to decline certain types of cookies or specific cookies. Further, users can delete cookies at any time.

Why do we use cookies?

We use cookies to learn how you interact with our content and to improve your experience when visiting our website(s). For example, some cookies remember your language or preferences so that you do not have to repeatedly make these choices when you visit one of our websites.

What kind of cookies do we use?

We use the following categories of cookie:

Category 1: Strictly Necessary Cookies

Strictly necessary cookies are those that are essential for our sites to work in the way you have requested. Although many of our sites are open, that is, they do not require registration; we may use strictly necessary cookies to control access to some of our community sites, whitepapers or online events such as webinars; as well as to maintain your session during a single visit. These cookies will need to reset on your browser each time you register or log in to a gated area. If you block these cookies entirely, you may not be able to access gated areas. We may also offer you the choice of a persistent cookie to recognize you as you return to one of our gated sites. If you choose not to use this “remember me” function, you will simply need to log in each time you return.
Cookie Name Domain / Associated Domain / Third-Party Service Description Retention period
__cfduid Cloudflare Cookie associated with sites using CloudFlare, used to speed up page load times 1 Year
lidc linkedin.com his is a Microsoft MSN 1st party cookie that ensures the proper functioning of this website. 1 Day
PHPSESSID ltimindtree.com Cookies named PHPSESSID only contain a reference to a session stored on the web server When the browsing session ends
catAccCookies ltimindtree.com Cookie set by the UK cookie consent plugin to record that you accept the fact that the site uses cookies. 29 Days
AWSELB Used to distribute traffic to the website on several servers in order to optimise response times. 2437 Days
JSESSIONID linkedin.com Preserves users states across page requests. 334,416 Days
checkForPermission bidr.io Determines whether the visitor has accepted the cookie consent box. 1 Day
VISITOR_INFO1_LIVE Tries to estimate users bandwidth on the pages with integrated YouTube videos. 179 Days
.avia-table-1 td:nth-of-type(1):before { content: 'Cookie Name'; } .avia-table-1 td:nth-of-type(2):before { content: 'Domain / Associated Domain / Third-Party Service'; } .avia-table-1 td:nth-of-type(3):before { content: 'Description'; } .avia-table-1 td:nth-of-type(4):before { content: 'Retention period'; }

Category 2: Performance Cookies

Performance cookies, often called analytics cookies, collect data from visitors to our sites on a unique, but anonymous basis. The results are reported to us as aggregate numbers and trends. LTI allows third-parties to set performance cookies. We rely on reports to understand our audiences, and improve how our websites work. We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), which in turn uses performance cookies. Information generated by the cookies about your use of our website will be transmitted to and stored by Google on servers Worldwide. The IP-address, which your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, you have to note that if you do this, you may not be able to use the full functionality of our website. You can also opt-out from being tracked by Google Analytics from any future instances, by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser: https://tools.google.com/dlpage/gaoptout & cookiechoices.org and privacy.google.com/businesses
Cookie Name Domain / Associated Domain / Third-Party Service Description Retention period
_ga ltimindtree.com Used to identify unique users. Registers a unique ID that is used to generate statistical data on how the visitor uses the web site. 2 years
_gid ltimindtree.com This cookie name is asssociated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited. 1 day
_gat ltimindtree.com Used by Google Analytics to throttle request rate 1 Day
.avia-table-2 td:nth-of-type(1):before { content: 'Cookie Name'; } .avia-table-2 td:nth-of-type(2):before { content: 'Domain / Associated Domain / Third-Party Service'; } .avia-table-2 td:nth-of-type(3):before { content: 'Description'; } .avia-table-2 td:nth-of-type(4):before { content: 'Retention period'; }

Category 3: Functionality Cookies

We may use site performance cookies to remember your preferences for operational settings on our websites, so as to save you the trouble to reset the preferences every time you visit. For example, the cookie may recognize optimum video streaming speeds, or volume settings, or the order in which you look at comments to a posting on one of our forums. These cookies do not identify you as an individual and we don’t associate the resulting information with a cookie that does.
Cookie Name Domain / Associated Domain / Third-Party Service Description Retention period
lang ads.linkedin.com Set by LinkedIn when a webpage contains an embedded “Follow us” panel. Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. When the browsing session ends
lang linkedin.com In most cases it will likely be used to store language preferences, potentially to serve up content in the stored language. When the browsing session ends
YSC Registers a unique ID to keep statistics of what videos from Youtube the user has seen. 2,488,902 Days
.avia-table-3 td:nth-of-type(1):before { content: 'Cookie Name'; } .avia-table-3 td:nth-of-type(2):before { content: 'Domain / Associated Domain / Third-Party Service'; } .avia-table-3 td:nth-of-type(3):before { content: 'Description'; } .avia-table-3 td:nth-of-type(4):before { content: 'Retention period'; }

Category 4: Social Media Cookies

If you use social media or other third-party credentials to log in to our sites, then that other organization may set a cookie that allows that company to recognize you. The social media organization may use that cookie for its own purposes. The Social Media Organization may also show you ads and content from us when you visit its websites.

Ref links:

LinkedInhttps://www.linkedin.com/legal/privacy-policy Twitterhttps://gdpr.twitter.com/en.html & https://twitter.com/en/privacy & https://help.twitter.com/en/rules-and-policies/twitter-cookies Facebookhttps://www.facebook.com/business/gdpr Also, if you use a social media-sharing button or widget on one of our sites, the social network that created the button will record your action for its own purposes. Please read through each social media organization’s privacy and data protection policy to understand its use of its cookies and the tracking from our sites, and also how to control such cookies and buttons.

Category 5: Targeting/Advertising Cookies

We use tracking and targeting cookies, or ask other companies to do so on our behalf, to send you emails and show you online advertising, which meet your business and professional interests. If you have registered on our websites, we may send you emails, tailored to reflect the interests you have shown during your visits. We ask third-party advertising platforms and technology companies to show you our ads after you leave our sites (retargeting technology). This technology allows us to make our website services more interesting for you. Retargeting cookies are used to record anonymized movement patterns on a website. These patterns are used to tailor banner advertisements to your interests. The data used for retargeting is completely anonymous, and is only used for statistical analysis. No personal data is stored, and the use of the retargeting technology is subject to the applicable statutory data protection regulations. We also work with companies to reach people who have not visited our sites. These companies do not identify you as an individual, instead rely on a variety of other data to show you advertisements, for example, behavior across websites, information about individual devices, and, in some cases, IP addresses. Please refer below table to understand how these third-party websites collect and use information on our behalf and read more about their opt out options.
Cookie Name Domain / Associated Domain / Third-Party Service Description Retention period
BizoID ads.linkedin.com These cookies are used to deliver adverts more relevant to you and your interests 183 days
iuuid demandbase.com Used to measure the performance and optimization of Demandbase data and reporting 2 years
IDE doubleclick.net This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website. 2,903,481 Days
UserMatchHistory linkedin.com This cookie is used to track visitors so that more relevant ads can be presented based on the visitor’s preferences. 60,345 Days
bcookie linkedin.com This is a Microsoft MSN 1st party cookie for sharing the content of the website via social media. 2 years
__asc ltimindtree.com This cookie is used to collect information on consumer behavior, which is sent to Alexa Analytics. 1 Day
__auc ltimindtree.com This cookie is used to collect information on consumer behavior, which is sent to Alexa Analytics. 1 Year
_gcl_au ltimindtree.com Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. 3 Months
bscookie linkedin.com Used by the social networking service, LinkedIn, for tracking the use of embedded services. 2 years
tempToken app.mirabelsmarketingmanager.com When the browsing session ends
ELOQUA eloqua.com Registers a unique ID that identifies the user’s device upon return visits. Used for auto -populating forms and to validate if a certain contact is registered to an email group . 2 Years
ELQSTATUS eloqua.com Used to auto -populate forms and validate if a given contact has subscribed to an email group. The cookies only set if the user allows tracking . 2 Years
IDE doubleclick.net Used by Google Double Click to register and report the website user’s actions after viewing clicking one of the advertiser’s ads with the purpose of measuring the efficiency of an ad and to present targeted ads to the user. 1 Year
NID google.com Registers a unique ID that identifies a returning user’s device. The ID is used for targeted ads. 6 Months
PREF youtube.com Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different web sites. 8 months
test_cookie doubleclick.net This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor’s browser supports cookies. 1,073,201 Days
UserMatchHistory linkedin.com Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences. 29 days
VISITOR_INFO1_LIVE youtube.com 179 days
.avia-table-4 td:nth-of-type(1):before { content: 'Cookie Name'; } .avia-table-4 td:nth-of-type(2):before { content: 'Domain / Associated Domain / Third-Party Service'; } .avia-table-4 td:nth-of-type(3):before { content: 'Description'; } .avia-table-4 td:nth-of-type(4):before { content: 'Retention period'; }
Third party companies Purpose Applicable Privacy/Cookie Policy Link
Alexa Show targeted, relevant advertisements https://www.oracle.com/legal/privacy/marketing-cloud-data-cloud-privacy-policy.html To opt out: http://www.bluekai.com/consumers.php#optout
Eloqua Personalized email based interactions https://www.oracle.com/legal/privacy/marketing-cloud-data-cloud-privacy-policy.html To opt out: https://www.oracle.com/marketingcloud/opt-status.html
CrazyEgg CrazyEgg provides visualization of visits to website. https://help.crazyegg.com/article/165-crazy-eggs-gdpr-readiness Opt Out: DAA: https://www.crazyegg.com/opt-out
DemandBase Show targeted, relevant advertisements https://www.demandbase.com/privacy-policy/ Opt out: DAA: http://www.aboutads.info/choices/
LinkedIn Show targeted, relevant advertisements and re-targeted advertisements to visitors of LTI websites https://www.linkedin.com/legal/privacy-policy Opt-out: https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences
Google Show targeted, relevant advertisements and re-targeted advertisements to visitors of LTI websites https://policies.google.com/privacy Opt Out: https://adssettings.google.com/ NAI: http://optout.networkadvertising.org/ DAA: http://optout.aboutads.info/
Facebook Show targeted, relevant advertisements https://www.facebook.com/privacy/explanation Opt Out: https://www.facebook.com/help/568137493302217
Youtube Show targeted, relevant advertisements. Show embedded videos on LTI websites https://policies.google.com/privacy Opt Out: https://adssettings.google.com/ NAI: http://optout.networkadvertising.org/ DAA: http://optout.aboutads.info/
Twitter Show targeted, relevant advertisements and re-targeted advertisements to visitors of LTI websites https://twitter.com/en/privacy Opt out: https://twitter.com/personalization DAA: http://optout.aboutads.info/
. .avia-table tr {} .avia-table th, .flex_column .avia-table td { color: #343434; padding: 5px !important; border: 1px solid #ddd !important; } .avia-table th {background-color: #addeec;} .avia-table tr:nth-child(odd) td {background-color: #f1f1f1;}
Save settings
Cookies settings