Security is our business and we take it seriously.
We use a variety of methods to secure our network and servers as well as our software and web applications. Our data retention and business continuity plans are comprehensive and our employees maintain organizational security measures designed to keep your data safe.
Network and server security
- Network infrastructure undergoes regular internal penetration testing audits that are augmented by semi-regular third-party audits.
- Our information security team performs regular software updates throughout the FocusPoint Technologies infrastructure to remain up-to-date on software security patches.
Software and web application security
- Web APIs and web pages are secured with SSL certificates that support encryption algorithms with key lengths up to 256 bits and prohibit any key lengths shorter than 128 bits.
- FocusPoint Technologies’s cloud infrastructure employs Multi-Factor Authentication for management operations.
- Industry-standard (symmetric and asymmetric) encryption algorithms with appropriately sized keys are used to protect sensitive Customer Information.
Data retention & Disaster recovery
- Data is aggressively archived and FocusPoint Technologies performs regular offsite backups to ensure redundancy.
- Prospective employees undergo security screenings during the hiring process.
- FocusPoint Technologies employees undergo security operations training.
- FocusPoint Technologies employees use encrypted storage, encrypted chat (and voice), encrypted tunnels (VPN and SSH), and encrypted email for sensitive internal communications and operations.
- FocusPoint Technologies maintains detailed application-level and system-level logs.
Security research and disclosure process
Simple understands the devotion and effort that security work requires. As such, we encourage the responsible disclosure of any vulnerabilities to us. Responsible disclosure means:
- Openly share the full details of any vulnerabilities with us.
- Do not announce or share the details of any vulnerabilities in any way with the public or other parties.
- Do not exploit the vulnerability except for purposes of demonstrating it to FocusPoint Technologies personnel. Please contact email@example.com.
- Do not use the vulnerability to access, modify, harm, or otherwise alter any FocusPoint Technologies (or its customers’) data.
Vulnerabilities that are “responsibly disclosed” according to the above process are welcomed. Simple will not seek to bring legal action against any person who adheres to this process of responsible disclosure. Additionally, severe vulnerabilities are eligible for a vulnerability reward.