FACS Security | We’ve Got You Covered

Cloud security at FACS is the highest priority. As a FACS customer, you will benefit from the data and organizational security we’ve built to meet the requirements of security-sensitive organizations. Our security protocols are designed to deliver the protection you need without the upfront expense, and at a lower cost than many on-premises environments. FACS security solutions encompass the following areas.

FACS utilizes Amazon Web Services (AWS) private cloud servers to store our clients’ data. AWS provides the best security options available, including network and application firewalls, encryption in transit with TLS across all services, and connectivity options that enable private, dedicated connections from specific environments. FACS performs regular security audits to ensure our existing procedures utilize the best practices available.

FACS servers and application configuration are architected to operate with redundancy. Customer data is always hosted at an AWS facility within the United States. Each primary server has redundant backup servers, located on separate physical devices at different locations. At regular intervals, full copies of all customer data are stored on these backup servers. In the event the primary server is unreachable due to software or hardware failure, FACS reroutes requests to one of the backup servers until the primary servers are back online. Each backup server saves a daily snapshot of our customers’ data for thirty (30) days.

Our client portals are completely private, encrypted, and only accessible to active users. To prevent malware from entering the system, only registered users are allowed to upload files into the system. These files are limited to document formats such as .pdf or .jpeg and executable files are automatically filtered out. All file transfers on FACS servers are monitored to ensure malicious software does not enter our controlled environment.

Our servers are monitored 24/7 and all of our servers are fully locked down with rigid firewall restrictions. AWS data centers are monitored and staffed around the clock to ensure the highest level of performance and security. In the unlikely event that FACS detects a breach in the security protocols protecting your data, FACS immediately terminates the compromised server and redirects access to one of the standby backup servers. FACS then contacts the customers who may have been affected by this breach and outlines recommended steps to correct for the identified vulnerability.

FACS utilizes industry-standard measures to ensure our customers’ data is secure in transit from our servers to the job site. Using Transport Layer Security (TLS) encryption technology, your data is safe while traveling out over the open internet. Every interaction between your users and FACS servers is protected and encrypted with PKCS #1 SHA-256 RSA Encryption.

Once within FACS’ application there are additional layers of security provided to ensure that data is shared with the correct individuals. System administrators can control access at the project level, service level, individual user level, document level and even select fields within specific documents. With the ability to create custom roles, which manage these permissions, this granular level of control is easy to administer and ensures that data within projects is shared only with approved users.

FACS provides clients with two processes to securely request their data from FACS servers in either a pdf or native database format. FACS Archive Wizard provides users with a guided process to convert all documents and data within a customer’s project into searchable pdf files. These pdf files are stored on a secured FTP site and access is granted through a temporary URL link which expires to prevent unauthorized access. Files are available on the FTP site for 72 hours at which time they are permanently deleted from FACS servers. Access to customers’ raw data values is available through FACS customer API, which is protected using dedicated customer keys.

In the event that a customer decides to discontinue use of FACS on future projects, FACS will continue to host their data for thirty (30) days as a customer snapshot on a backup server. After thirty (30) days all data is permanently deleted from all FACS servers.

FACS logs all user actions within the system and records the user, date and time each change is made. These logs are available for authorized users like the System Administrators who, in the event of identifying contumelious activity within FACS, can easily trace the actions back to the culprit.

Users are granted access to their secured site with their dedicated user name and password credentials. All passwords are saved in a one-way salted hash that cannot be decrypted. Passwords stored using these processes are not accessible by anyone, including FACS personnel, ensuring that our customers’ passwords are protected. Unlike most systems which stop at this level of protection, FACS also monitors users’ locations and prevents duplicate access to the system. When FACS notices access from an unrecognized location, FACS provides a notification alerting the user of the unrecognized activity.

FACS strives to provide a robust and trustworthy service for our customers. FACS works with Amazon to ensure that, as new security threats are identified, updates are made to our servers so that our customers’ data remains secure. FACS follows an Agile release process and applies security updates as needed. Even though FACS’ server update process does not interrupt access to the application for our customers, all updates are typically run outside standard business hours. In the event that an update will temporarily interrupt service, FACS notifies our affected customers with as much advance warning as practical based on the specific security threat identified.

The use of security monitoring tools and data protection software is only as reliable as the team managing it. Before we add to our team, FACS verifies an individual’s previous employment and education and performs detailed reference checks. FACS also conducts criminal, credit, immigration and security checks where labor law and regulations permit. The extent of these background checks varies depending on the position. All FACS employees participate in security training as part of their onboarding process. Depending on the specific job, additional training is provided to ensure that our team is constantly improving our security processes.

As an additional security precaution, and to ensure our clients receive the best support possible, all FACS personnel are located within the United States. FACS does not utilize outsourced support teams, further ensuring that our clients’ data is always protected by the laws of the United States.

If you have a specific question, or would like more information on FACS security procedures and policies, please contact us: info@facsware.com