Security
We are committed to safeguarding your information.
We protect your personal and company data by ensuring the most advanced technical, administrative, and physical controls are in place.
StandardFusion delivers enterprise-grade security and compliance while prioritizing the protection of customers' data by working with an independent auditor to maintain a SOC 2 Type II report to objectively certify controls for the continuous security, availability, confidentiality, and integrity of customers’ data.
Read our full SOC 3 report here.
Privacy
StandardFusion is committed to protecting data privacy rights and confidentiality requirements via comprehensive processes, administrative controls, safeguards, and ongoing training for all employees. We employ best practices to allow you to choose where your data is located and protect it based on strict requirements.
Organizational Security
StandardFusion's Information Security Management System commits to:
Protecting confidential data, including clients’ personal and proprietary information, StandardFusion intellectual property, and service data against loss, damage, disruption, or unauthorized access.
Deploying the most secure technology and infrastructure.
Complying with legal and contractual requirements to deliver high-standard services.
Ensuring that all employees follow the company’s policies and procedures and manage risks appropriately.
Implementing and maintaining security policies and procedures.
Implementing an Information Security and Privacy Management System and ensuring that it is continually improved and supported with the resources necessary to achieve its commitments.
Being transparent.
Endpoint Security
Technical controls are deployed to all StandardFusion endpoints. These controls are centrally managed by Corporate IT (Information Technology) management and monitored continuously.
Malware Protection
Endpoint devices are protected against, and monitored for, malware, malicious activity, and unsafe applications.
Security Awareness
We cultivate a culture of heightened security consciousness. Our training and awareness program is designed to empower every member of our team with the knowledge and skills necessary to safeguard confidential information effectively.
All new employees undergo annual information security training that covers requirements for the security, availability, and confidentiality of information.
Access Control
Embracing the fundamental baseline of information security, our access control policy operates on the principles of least privilege and Role-Based Access Control (RBAC). Users are granted access to the network, systems, applications, and network services only to the extent necessary for their designated roles and responsibilities. This ensures that each user possesses the minimum level of access essential for their tasks, thereby limiting potential exposure and mitigating the risk of unauthorized activities.
Access to systems is regularly audited at planned intervals.
Onboarding/Offboarding Process
StandardFusion has documented Onboarding and Offboarding Processes that are enforced for all new employees. The processes are monitored and reviewed at planned intervals.
Prior to employment, potential candidates undergo a comprehensive background check. Upon employment, the candidate must read, sign, and adhere to a series of requirements outlining their responsibilities for information security.
Terminated employees are removed from all systems. All access to management systems, hardware, and online tools is revoked immediately.
Physical Security
Access to the office and work areas containing confidential information is physically restricted and monitored to limit access to authorized personnel only.
Physical Security Audits are conducted at planned intervals.
Monitoring and Logging
StandardFusion maintains strict monitoring and logging controls.
We log all database access, including administrative access, use of privileged commands, and system access. Log information is protected against tampering and unauthorized access.
Secure Development Life Cycle
In our commitment to ensuring the utmost security for our clients, we employ a Secure Development Life Cycle (SDLC). We maintain a documented framework to secure every stage of the development process.
Our SDLC process adheres to industry best practices, incorporating robust security measures at every step.
Third Party Management
Our third-party management approach adheres to stringent controls, ensuring that external partners align with our robust security standards.
We have a documented process that requires initial evaluation and continuous monitoring of third-party systems. All vendors are assessed to confirm their mandatory compliance with privacy regulations and best practices in security.
Risk Management
Our risk assessment process is streamlined to assess a comprehensive list of ISMS (Information Security Management System) identified risks. StandardFusion's compliance team systematically identifies, analyzes, and prioritizes risks, focusing on potential threats to information security.
Vulnerability Management
StandardFusion regularly conducts various internal and external security and vulnerability scans searching for any new threats to our services.
The development team assesses all discovered threats and mitigates potential risks to the StandardFusion application.
Business Continuity
Our Business Continuity Management (BCM) strategy starts with a comprehensive Business Impact Analysis. We are committed to maintaining the highest level of service availability and quality, aligning with industry best practices. Our management system is aligned with SOC 2 Type II Availability requirements, reflecting our dedication to adopting, enhancing, and rigorously testing plans and procedures.
StandardFusion allocates resources strategically to invest in infrastructure technology, staff skills, processes, and policies, ensuring continual improvement of our Business Continuity Management System (BCMS) to meet and exceed the commitments outlined in internal processes. We have a robust and resilient infrastructure in place with redundant datacenters available to all customers.
Our Business Continuity Plan is tested annually, and lessons learned are reviewed by top management.
Incident Response Plan
StandardFusion's incident management process builds on a foundation of robust protocols and technology for detection, containment, eradication, and recovery from incidents.
StandardFusion's approach prioritizes minimizing the impact of incidents on our clients and swiftly restoring normal operations. Our incident response team is equipped to promptly respond to potential security alerts and continuously improve the process. The team is responsible for putting the plan into action with a goal to:
Detect and react to information security incidents.
Respond appropriately to the incident.
Communicate the results and risk to all stakeholders.
Reduce the likelihood of the incident reoccurring.
Data Privacy
StandardFusion's Privacy Program is designed to assure the highest possible levels of privacy protection for our customers. We have developed and implemented transparent, comprehensive processes as part of our commitment to the responsible use of information.
We follow the highest standards to keep customers’ data confidential:
Compliance: We have implemented a privacy program to ensure compliance with privacy requirements from the General Data Protection Regulation 2016/679 (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA), California Consumer Privacy Act (CCPA), among others.
Data Centers: Data Hosting is available in three different economic regions: North America, Asia-Pacific, and Europe. Customers can choose to have their data hosted in the same region where their service is located.
Data security: StandardFusion has administrative, technical, and physical controls implemented to protect customers’ data against unauthorized access and disclosure.
Data Encryption: Data is encrypted in transit and at rest to effectively protect customer information.
Sub-Processors
StandardFusion uses certain sub-processors to assist in providing our services.
All sub-processors are continuously monitored, and approved transfer mechanisms, such as Data Processing Agreements and Standard Contractual Clauses, are in place to secure cross-border data transfers.
Sub-processor | Jurisdiction | Purpose for processing |
---|---|---|
AWS | Canada, United States, Germany (depending on customer location) | Data hosting |
Azure | Canada, United States, Germany (depending on customer location) | Data hosting (backup) |
SendGrid (Twilio) | United States | Task notifications |
Cloudflare | United States | Manage traffic and secure the Services |
Freshdesk (Freshworks) | United States | Customer Success ticketing system |
Office 365 (Microsoft) | United States | Email, file storage, document creation and sharing, virtual meetings |
Slack | United States | Internal communication |
Postmark | United States | Task notifications |
Coda | United States | Internal ticketing system |
Splunk | United States | Logging and monitoring |

Processing location | Jurisdiction | Purpose for processing |
---|---|---|
StandardFusion Head Office | Canada | Sales, billing, development, and support |
Privacy Notice
Read our full Privacy Notice here.