Security Statement
At FluentPro, we take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below. Our Privacy Policy also further details the ways we handle your data.
Physical Security
FluentPro’s information systems and technical infrastructure are hosted on Microsoft Azure Cloud that provides robust physical data center security and environmental controls. The Microsoft Azure infrastructure is designed and managed to meet a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2.
Security controls provided by our cloud provider facilities include but are not limited to:
24/7 Physical security guard services
Extensive physical entry restrictions to the building, facilities, and data center floor
Biometric access with two-factor authentication
Video cameras monitoring, full-body metal detection screening, and security scans
Independent power, cooling, and networking for each availability zone within the Azure region.
Asset Management
All FluentPro-issued portable devices are equipped with full hard disk encryption and have the proper protection mechanisms installed, such as password protection, biometric authentication, up-to-date antivirus software.
Access Control
Our solutions do not have embedded password management and support a single sign-on authentication with the Microsoft Office 365 / Azure Active Directory which allows you to apply the password policy that is set in your organization. Our internal password policy has strong complexity, expiration, and lockout requirements. FluentPro grants access on a need to know on the basis of least privilege rules only after formal approval by IT staff and management reviews permissions quarterly and revoke access immediately after employee termination.
Personnel
FluentPro conducts background screening at the time of hire (to the extent permitted by applicable laws in the country of employment). In addition, FluentPro communicates its information security policies to all personnel (who must acknowledge this) and requires employees to sign non-disclosure agreements and provides ongoing privacy and security training.
User Authentication
Each user in the Project Migrator application has a unique account and a username. We offer Microsoft Office 365, Google, and Email authentication for accessing Project Migrator. Depending on your selection, you will be offered to register using your Microsoft Office 365/ Google account or create a username and password if Email authentication is selected. Using Microsoft Office 365 / Google authentication, the username must match the primary email address of the Work account.
Application Development
Our development team employs secure coding techniques and best practices of software development. Development, testing, and production environments are separated. All test and development data are completely fabricated – created only for testing and development All changes are peer-reviewed and logged for performance, testing, and audit purposes prior to deployment into the production environment.
Data isolation
The application is built using multi-tenancy architecture with logical separation in place. All data is stored in a shared database with logical controls that enforce separation. Thus, the data of each Project Migrator customer is logically separated and is not influenced or can be accessed by other tenants. At the customer’s request, their tenant can be segregated and placed into a separate database allowing both logical and physical controls.
Data protection
All customer data in storage and in transit is encrypted with FIPS 140-2 compliant encryption algorithms. All connections to our websites or services are protected via the use of encrypted connections, such as TLS 1.2 encryption protocol.