FluentPro’s information systems and technical infrastructure are hosted on Microsoft Azure Cloud that provides robust physical data center security and environmental controls. The Microsoft Azure infrastructure is designed and managed to meet a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2.
Security controls provided by our cloud provider facilities include but are not limited to:
- 24/7 Physical security guard services
- Extensive physical entry restrictions to the building, facilities, and data center floor
- Biometric access with two-factor authentication
- Video cameras monitoring, full-body metal detection screening, and security scans
- Independent power, cooling, and networking for each availability zone within the Azure region.
All FluentPro-issued portable devices are equipped with full hard disk encryption and have the proper protection mechanisms installed, such as password protection, biometric authentication, up-to-date antivirus software.
Our solutions do not have embedded password management and support a single sign-on authentication with the Microsoft Office 365 / Azure Active Directory which allows you to apply the password policy that is set in your organization. Our internal password policy has strong complexity, expiration, and lockout requirements. FluentPro grants access on a need to know on the basis of least privilege rules only after formal approval by IT staff and management reviews permissions quarterly and revoke access immediately after employee termination.
FluentPro conducts background screening at the time of hire (to the extent permitted by applicable laws in the country of employment). In addition, FluentPro communicates its information security policies to all personnel (who must acknowledge this) and requires employees to sign non-disclosure agreements and provides ongoing privacy and security training.
Each user in the Project Migrator application has a unique account and a username. We offer Microsoft Office 365, Google, and Email authentication for accessing Project Migrator. Depending on your selection, you will be offered to register using your Microsoft Office 365/ Google account or create a username and password if Email authentication is selected. Using Microsoft Office 365 / Google authentication, the username must match the primary email address of the Work account.
Our development team employs secure coding techniques and best practices of software development. Development, testing, and production environments are separated. All test and development data are completely fabricated – created only for testing and development All changes are peer-reviewed and logged for performance, testing, and audit purposes prior to deployment into the production environment.
The application is built using multi-tenancy architecture with logical separation in place. All data is stored in a shared database with logical controls that enforce separation. Thus, the data of each Project Migrator customer is logically separated and is not influenced or can be accessed by other tenants. At the customer’s request, their tenant can be segregated and placed into a separate database allowing both logical and physical controls.
All customer data in storage and in transit is encrypted with FIPS 140-2 compliant encryption algorithms. All connections to our websites or services are protected via the use of encrypted connections, such as TLS 1.2 encryption protocol.