Information Security
Committed to protecting your confidential and proprietary information
Dedicated
InfoSecurity
As a nearshore software development company, it is imperative that we safeguard our clients’ sensitive and confidential information. We at First Factory take security seriously. Our dedicated IT and InfoSecurity team ensures the proper protocols are followed to grant appropriate access and permissions and to protect our most valued assets: data and intellectual property. Every employee is trained and stays current on security vulnerabilities and trends.

How We Safeguard
First Factory is highly committed to integrity and ethical values. Our People Ops team conducts background checks for all applicants as a condition of employment and requires that all staff read and sign a host of InfoSec policies. Our InfoSec team regularly tests our staff with phishing campaigns conducted through KnowBe4 and requires annual completion of infosecurity modules pertinent to each person's role in the organization. We employ separate management oversight and define a clear corporate structure with detailed roles and responsibilities.
We apply software development best practices, categorize and secure data, and handle the transmission of sensitive data with encryption. Our InfoSec team employs mobile device management across all issued assets to alert us of unapproved software installations, viruses, and other vulnerabilities. Should a laptop be stolen, our team can remotely wipe the machine, lock the device, and track its location to help authorities.
Remaining Vigilant
We carefully vet business partners and third-party vendors. In every engagement we require nondisclosure agreements or other contractual confidentiality and privacy provisions. An annual penetration test is conducted by an external party to evaluate the vulnerability of our environments.
Quarterly control audits are conducted by stakeholders to evaluate the comprehensiveness and effectiveness of our controls. These efforts determine the security posture of the business and product environments, technologies, and data. Business Continuity Planning (BCP) and Disaster Recovery (DR) procedures are adhered to in real and simulated BCP/DR scenarios.

Steering Committee
The Internal Information Security Committee (ISSC) oversees the governance and compliance of our policies. It is the committee's responsibility to ensure that information security incidents are managed in accordance with established business continuity and crisis protocols and against defined procedures. Request a copy of our InfoSec Program Statement.
Virtual CISO
We leverage a Virtual CISO partner, Fractional CISO, that supports and guides our efforts to mature our processes further. They test us on the compliance and efficacy of our action plans and prepare us for unplanned incidents. Our vCISO team conducts formal risk assessments to determine risk levels, acceptance, and mitigation planning. Read the Fractional CISO case study on the First Factory engagement here.

SOC 2 Type 2
First Factory is proud to have received our SOC 2 Type 2 report. This attests that our cybersecurity procedures and controls have been well designed and are aligned with the Service Organization Control compliance framework developed by the American Institute of Certified Public Accountants (AICPA). Our SOC 2 Type 2 auditors evaluated us in the following trust areas: Security, Availability, and Confidentiality.
