Infrastructure and Physical Security
When we selected an infrastructure provider, we drew on our technical team’s experience in developing and operating market-leading cloud services. This enabled us to build in security and availability at every layer, from physical security to computer, network, and storage. We supplement our technical measures with well-defined security and access policies, and prove our security using ongoing third-party audits and certification.
We protect your data throughout our infrastructure, including computer, storage, and network transmission.
Our connection with your ERP system is read-only.
We require that all of our vendors meet our data protection standards.
We continuously monitor the health of our service and show customers those metrics via this portal: https://status.floqast.com/
Compliance and Security Team
We have a team dedicated to our compliance with industry standards and the security of our platform. We use a multi-layered approach to ensure our code is developed in a secure manner using shift-left principles, and we follow a Secure Software Development Lifecycle (SDLC) based on best-practice standards such as OWASP and Microsoft SDL. Our focus on security and compliance extends from the Compliance and Security teams to the entire company via a training program against outside attacks like phishing, and we test employees regularly to ensure compliance.
Employees and contractors agree in writing to comply with our security controls.
We run background checks of all employees and contractors with access to customer confidential information.
Our compliance team instills security into our culture via regular security awareness training sessions and by testing employees to ensure compliance.
By limiting production access to those who need it and regularly monitoring access, we minimize access points and operational risk.
Secure Development Lifecycle
With any new development, our team has security top of mind. We perform security testing throughout coding, testing, and deployment. Our internal security team works with independent external security researchers to validate our software security.
Our engineers and developers work according to current industry standards on secure programming and code review.
Our platform security is regularly reviewed by peers, in-house security researchers, and third-party security assessors.
Our software development lifecycle includes more than 60,000 tests.
Our internal penetration testing team continually audits source code per OWASP standards to measure source code integrity.
Secure Customer Data
FloQast’s data protection meets industry standards. It complies with requirements and is tailored to meet privacy laws, including General Data Protection Regulation (GDPR) and California Privacy Rights Act (CPRA). Our encryption technology protects customer data both at rest and in transit to the user’s browser, leaving no weak spots for attackers.
We encrypt your data at the data field and file level, ensuring we safeguard all of your sensitive financial information.
We protect every customer individually, isolating your data to ensure the highest degree of security and trust.
We utilize Amazon’s FIPS-compliant key management service configured to meet the highest industry standards.
We adhere to a robust vulnerability management program built from best practice frameworks, ensuring our corporate environment, cloud infrastructure, and application follow strict patching SLAs.
Application Security
We run vulnerability scans continuously — daily, not weekly or monthly. To support our internal security, we also work with third-party security auditors to ensure our processes follow industry standards.
We test business critical applications before they are deployed.
Our infrastructure is regularly subject to penetration testing.
We always perform code reviews and use static analysis tools to ensure high code quality in our applications.
We rely on Infrastructure-as-Code to ensure high consistency across our environments.
If you believe you’ve discovered a security-related issue, please contact us at [email protected].