Skip to main content

Security

Overview

This page provides a summary of the data protection controls in place at Facilisgroup. We respect our partners’ and customers’ privacy. Keeping data protected is a top priority!

We have established an Information Security Management System (ISMS), which incorporates our data protection objectives as well as confidentiality, integrity, and availability of that data.

Should you have any questions or feedback, please contact us at infosec@facilisgroup.com.

Physical Security

Facilisgroup maintains access controls to its office areas, allowing access only to authorized personnel based on their purpose of entry into the office. Premises are appropriately maintained with other monitoring and security measures in accordance with local regulations.

We also leverage co-location datacenters for hosting some data, which is provisioned and managed by certified compliant providers. Access to these datacenters is restricted to a limited group of authorized personnel that are monitored and recorded for future review in case of an incident.

Data Protection

Facilisgroup adopts a hybrid environment, with data stored within our co-location datacenters and some in Microsoft Azure. All hosted data have redundancies with backups done several times a day, both online and offline, for appropriate data recovery as needed. All data in transit and at rest is encrypted using strong encryption protocols.

We take reasonable steps to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, the safety and security of your information also depends on you.

Where you have been provided with (or where you have chosen) a password for access to certain parts of our website, you are responsible for keeping this password confidential. We ask that you never share your password with anyone.

Network Security

Facilisgroup leverages a layered approach to data loss prevention on endpoint, and cloud using next-gen security tools in combination with traditional approaches. Production environments are hosted separately from non-production environments.

We use firewalls to prevent unauthorized access and leverage multiple DDoS mitigation solutions to limit disruptions caused by undesirable traffic. Network Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are in place at application ingress and egress points to detect, prevent and mitigate potential security events.

Our environment is restricted to authorized personnel, with high availability architecture and continuous monitoring in place. Our Managed Security Service Provider (MSSP) monitors our environment for any discrepancies or suspicious activities. Alerts are triggered in any instance of abnormal or suspicious activities, which are promptly investigated, analyzed, and remediated.

All components of our infrastructure are configured redundantly to prevent single points of failure.

You can follow in real time the status of our Syncore service here.

Application Security

All data is encrypted. Internet communications or data in transit is secured via Secure Hypertext Transfer Protocol (HTTPS) using Transport Layer Security (TLS). Customer data at rest is secured using Advanced Encryption Standard (AES).

Development environments are completely separated from the production environment.

All customer data is segregated and can only be accessed by designated individuals who have been assigned unique credentials and privileges.

An independent third party performs periodic web and network penetration tests on the production environment.

Operational Security

Facilisgroup has documented incident response and disaster recovery plans to support all business continuity management needs for the organization. Changes to production are subject to documented testing, validation, and approval.

All servers and workstations run up-to-date operating systems and have endpoint protection. Default passwords are reset, unused ports are disabled, and accounts are disabled or removed when no longer needed. Patching is done weekly or sooner, as determined by criticality. Mobile access is restricted to authorized personnel and administered through a mobile device management system.

Security Compliance

Facilisgroup is actively the pursuing the American Institute of Certified Public Accountants (AICPA) SOC 2 (System and Organization Controls) certification.

There is a dedicated Information Security team responsible for enhancing and implementing appropriate security controls across the organization and all information systems, both internal and external.

All personnel with access to our information systems or your data must successfully complete background and criminal checks, agree to confidentiality agreements and attend security awareness training at on boarding as well as annual refresher courses to ensure they are aware of existing and emerging threats. We work with reputed external agencies to identify and recruit competent personnel.