Overview
At Firstbase, we are proud to be SOC 2 Type 2 compliant. This certification demonstrates our commitment to the Security Trust Services Criteria and ensures that we adhere to rigorous standards for safeguarding data.
- Observation Period: Our SOC 2 Type 2 certification covers a full-year evaluation period, from January to December, and is renewed annually.
- Independent Audits: We undergo regular audits to validate our adherence to these standards.
- Documentation: All documentation, including reports, policies, and sub-processor lists, can be found via the Firstbase Trust Center. For details on accessing and navigating the Firstbase Trust Center, please refer to Accessing the Firstbase Trust Center.
Public Security Policies
Transparency is a cornerstone of our compliance program. We share our key security policies publicly, enabling customers to understand how we manage risks and protect their data. These policies include:
- Information Security Policy
- Access Control Policy
- Incident Response Plan
- Risk Management Policy
- Cryptography Policy
- Physical Security Policy
- Secure Development Policy
- And more…
Operational Security at Firstbase
At Firstbase, we implement robust security measures to protect our systems and data. Our operational security practices are designed to mitigate risks and ensure the reliability of our platform.
Secure Data Storage
- All data is securely hosted in AWS with encryption at rest and in transit to prevent unauthorized access.
Access Control
- Strict access control policies govern administrative permissions, ensuring only authorized personnel can access sensitive systems.
Isolated Environments
- Our production and development environments are fully isolated to prevent accidental exposure of sensitive data during development.
Code Security
- Our codebase and changes are securely managed in private GitLab repositories, adhering to best practices for source code management.
Monitoring and Incident Response
- A comprehensive Incident Response Plan is in place to address potential security threats effectively.
- We maintain monitoring and alerting systems to detect and respond to incidents in real time.
Vulnerability Management
- We conduct regular vulnerability scans to identify risks in both our application code and underlying operating systems.
Employee Training
- Employees undergo annual cybersecurity training to stay informed about the latest threats and best practices.
- Supplementary monthly security awareness videos reinforce ongoing education.
Need Further Assistance?
For more information, visit our Firstbase Trust Center or reach out to security@firstbase.com.