SECURITY BUILT-IN FROM THE START
At FINCURA, we build security into our products from the start. At each stage in our software development lifecycle we consider all security concerns and build in the appropriate protections, such as data sanitization and least privilege models. We validate our approach and final code through ongoing penetration tests and vulnerability assessments, and streamline the process of triaging and patching any issues we identify.
ENCRYPTED AND ISOLATED DATA
All data is encrypted in the FINCURA system. Connections from our end-users to the FINCURA web application are always encrypted using industry-standard AES encryption within TLS (HTTPS) tunnels. For data in transit between our internal systems, as well as at rest, we continue to use industry-standard ciphers to ensure the safety of the data we hold. Data is encrypted using customer-unique cryptographic keys stored securely in hardware designed with trusted platform modules for best-in-class protections. Users with access to one customer’s data are unable to access any other customer data.
SOC II COMPLIANT
FINCURA is SOC II compliant. We have and follow a set of policies and procedures to ensure we are able to deliver on our promises of protecting our customers' data. We had an external auditor review and approve our procedures to earn our SOC II compliant status, and have a 24/7 response structure in place to handle any issues. If you'd like to see our SOC II report, please reach out to our sales team here.
Our physical infrastructure is geographically redundant and resilient against hardware failures at the host, rack, and data center levels. Through the use of multiple Internet connections, power sources, and redundant links, FINCURA systems and data remain accessible even in failure situations. Furthermore, we protect against any loss of data by having multiple continuous backups to geographically dispersed locations. However, if we do notice an issue that could affect our users, we commit to transparency and will update our status page located here so you will never be left unaware.
CONTROLLED, MONITORED, AND AUDITED ACCESS
All access to systems or data, whether virtual or physical, is strictly controlled, monitored, and audited by security operations teams. Access to our internal production systems requires multi-factor authentication. Access is permitted only to employees with an immediate business need, and any change requires review by multiple authorized personnel. We also log and audit our customer logins to identify any malicious login attempts. We offer multi-factor authentication as well as SAML integration to any customer wishing for additional security controls.