FLOQAST’S COMPREHENSIVE APPROACH TO SECURITY

As your trusted accounting workflow platform, the security of our platform and your accounting information is FloQast’s top priority. Our end-to-end security strategy enables us to deliver a world-class service while protecting your business’s data.

FloQast is committed to providing you access to our product and services via best-in-class security features so that your business can rely on FloQast to provide its product and services in a predictable and reliable manner.

We know that closing the books requires processing significant and sensitive financial data. Our systems and protocols provide your business the assurance it needs so you know your financial data is safeguarded.

SECURITY CONTROLS

Infrastructure and Physical Security

When we selected an infrastructure provider, we drew on our technical team’s experience in developing and operating market-leading cloud services. This enabled us to build in security and availability at every layer, from physical security through to computer, network, and storage. We supplement our technical measures with well-defined security and access policies, and prove our security using ongoing third-party audits and certification.

We protect your data throughout our infrastructure, including computer, storage, and network transmission.

Our connection with your ERP system is read-only.

We demand that all of our vendors meet our data protection standards.

We continuously monitor the health of our service and show customers those metrics via this portal: https://status.floqast.com/

Compliance and Security Team

We have a team dedicated to our compliance with industry standards and the security of our platform. We use a multi-layered approach to ensure our code is developed in a secure manner using shift-left principles, and we follow a Secure Software Development Lifecycle (SDLC) based on best practice standards such as OWASP and Microsoft SDL. Our focus on security and compliance extends from the Compliance and Security teams to the entire company via a training program against outside attacks like phishing, and we test employees regularly to ensure compliance.

Employees and contractors agree in writing to comply with our security controls.

We run background checks on all employees and contractors with access to customer confidential information.

Our compliance team instills security into our culture via regular security awareness training sessions and by testing employees to ensure compliance.

By limiting production access to those who need it and regularly monitoring access, we minimize access points and operational risk.

Secure Development Lifecycle

With any new development, our team has security top of mind. We perform security testing throughout coding, testing, and deployment. Our internal security team works with independent external security researchers to validate our software security.

Our engineers and developers work according to current industry standards on secure programming and code review.

Our platform security is regularly reviewed by peers, in-house security researchers, and third-party security assessors.

Our software development lifecycle includes more than 60,000 tests.

Our internal penetration testing team continually audits source code per OWASP standards to measure source code integrity.

Secure Customer Data

FloQast’s data protection meets industry standards. It complies with requirements and is tailored to be both General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) compliant. Our encryption technology protects customer data both at rest and in transit to the user’s browser, leaving no weak spots for attackers.

We encrypt your data at the data field and file level, ensuring we safeguard all of your sensitive financial information.

We protect every customer individually, isolating your data to ensure the highest degree of security and trust.

We utilize Amazon’s FIPS-compliant key management service configured to meet the highest industry standards.

We adhere to a robust vulnerability management program built from best practice frameworks, ensuring our corporate environment, cloud infrastructure, and application follow strict patching SLAs.

Application Security

We run vulnerability scans continuously – daily, not weekly or monthly. To support our internal security, we also work with third-party security auditors to ensure our processes follow industry standards.

We test business critical applications before they are deployed.

Our infrastructure is regularly subject to penetration testing.

We always perform code reviews and use static analysis tools to ensure high code quality in our applications.

We rely on Infrastructure-as-Code to ensure high consistency across our environments.

If you believe you've discovered a security-related issue, please contact us at security@floqast.com.

COMPLIANCE

FloQast complies with a range of industry-standard certifications and authorizations. In order to ensure that our customers have the compliance and security documentation they require for their auditors and due diligence, FloQast customers can request the following documentation whenever they need it by contacting their Customer Support Manager.

Security and Policy Documentation

Annual Third-Party Penetration Tests

Data Privacy Policies

Security Policies

Disaster Recovery and Business Continuity Policies

Detailed Due Diligence and Data Security FAQ

Shared Information Gathering (SIG) Questionnaire

SOC 1 Type II

FloQast has certified its systems annually to AICPA SOC 1 Type II since 2016, successfully auditing the controls relevant to user entities’ internal control over financial reporting.

SOC 2 Type I

FloQast has certified its systems to AICPA SOC 2 Type I, successfully auditing the operational and security processes of our service and our company.

CCPA

You can learn more and download FloQast’s CCPA-compliant DPA at https://floqast.com/privacy-policy/.

GDPR

You can learn more and download FloQast’s GDPR-compliant DPA at https://floqast.com/privacy-policy/.

Please engage your Account Executive and/or Customer Success Manager if you have any questions.