Information Security
Committed to protecting your confidential and proprietary information
Dedicated InfoSecurity
As a nearshore software development company, we know how important it is for each member of our team to safeguard our clients’ sensitive and confidential information. We at First Factory take security seriously. Our dedicated IT and InfoSecurity team ensures the proper protocols are followed to grant appropriate access and permissions and protect our most valued assets, data, and intellectual property.
How We Safeguard
We demonstrate a commitment to integrity and ethical values, conduct background checks for all applicants as a condition of employment, and require that all staff read and sign a host of InfoSec policies. We test our team regularly with phishing campaigns conducted through KnowBe4 and require annual completion of infosecurity modules pertinent to their role in the organization. We have demonstrated separate and sufficient management oversight and have a clear corporate structure with well-defined roles and responsibilities.
We apply software development best practices, categorize and secure data, and handle the transmission of sensitive data with encryption. We have comprehensive mobile device management to alert our InfoSec team of unapproved software installations, viruses, and other vulnerabilities. Should a laptop be stolen, our team can remotely wipe the machine, lock the device, and track its location to help authorities.
Remaining Vigilant
We carefully vet business partners and third-party vendors, requiring nondisclosure agreements or other contractual confidentiality and privacy provisions. An external resource conducts annual penetration testing to evaluate the vulnerability of our environments.
We conduct numerous quarterly control audits that review the comprehensiveness and effectiveness of our controls to secure the business and product environments, technologies, and data. Business Continuity Planning (BCP) and Disaster Recovery (DR) procedures are in place and are adhered to in real and simulated BCP/DR scenarios.
Steering Committee
The Internal Information Security Committee (ISSC) oversees the governance and compliance of our policies. It is the committee's responsibility to ensure information security incidents are managed in accordance with established business continuity and crisis protocols against defined procedures. Request a copy of our InfoSec Program Statement.
Virtual CISO
We have a Virtual CISO organization, Fractional CISO, that offers support and guidance for maturing our processes further and tests us on compliance and efficacy of our action plans. Our vCISO team conducts formal risk assessments to determine risk levels, acceptance, and mitigation planning... Read the Fractional CISO case study on the First Factory engagement here.
SOC 2
First Factory is proud to have received our SOC 2 Type 1 report attesting that our cybersecurity procedures and controls have been well designed and align with the Service Organization Control compliance framework developed by the American Institute of Certified Public Accountants (AICPA).