3forge Security Overview

At 3forge, we prioritize the security of your data and systems. Our commitment to safeguarding your information is embedded in every aspect of our platform and operations. From rigorous security protocols to continuous monitoring and improvements, we strive to ensure that our platform remains robust, reliable, and secure. Here's an overview of the security practices we have in place to protect your data.

SOC 2

3forge has been accredited as compliant in accordance with Service Organization Control (SOC) 2 Type II. This accreditation is in line with standards set by the American Institute of Certified Public Accountants (AICPA) for Service Organizations, more commonly known as SSAE 18.

The SOC 2 Type II audit was conducted by Prescient Assurance, ensuring security and compliance for global B2B and SaaS firms. As a recognized public accounting firm in the US and Canada, Prescient Assurance offers a wide range of risk management and assurance services, encompassing but not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR.

Organizational Security

We implement robust security policies and procedures that are integrated into the fabric of our organization, ensuring a secure operating environment.

Information Security Program

We have a comprehensive Information Security Program that is communicated and enforced across our organization. Our program adheres to the criteria set forth by the SOC 2 Framework, an industry-recognized standard for information security auditing developed by the American Institute of Certified Public Accountants (AICPA).

Third-Party Audits

3forge undergoes independent third-party assessments to rigorously test and validate our security and compliance controls.

Third-Party Penetration Testing

To ensure the resilience of our services, we conduct independent third-party penetration tests at least annually. This helps us identify and mitigate any potential vulnerabilities.

Roles and Responsibilities

Roles and responsibilities related to our Information Security Program and the protection of customer data are clearly defined and documented. All team members are required to review and accept our security policies.

Security Awareness Training

Our team members undergo regular security awareness training, covering best practices and critical information security topics such as phishing prevention and password management.

Confidentiality

Every team member is required to sign and adhere to a confidentiality agreement before starting work at 3forge.

Background Checks

We conduct background checks on all new employees in accordance with local laws to ensure the integrity and trustworthiness of our team.

Infrastructure Security

Our custom-built infrastructure is designed to meet the highest security standards, providing a secure and resilient foundation for our services.

Custom-Built Infrastructure

3forge operates on a fully custom-built infrastructure, designed and developed in-house to meet the highest security standards. We control every aspect of our platform, from the servers to the software, ensuring a secure and reliable environment for our clients.

Data Handling and Security

At 3forge, we do not host or store any client data. Instead, our platform serves as a top layer for processing, visualizing, and manipulating data in real time. Your data remains secure in your environment, with 3forge providing the tools to interact with it seamlessly.

Vulnerability Scanning

3forge performs regular vulnerability scanning and actively monitors for potential threats to maintain a strong security posture.

Logging and Monitoring

We continuously monitor and log activities across our platform to detect and respond to any anomalies or security incidents.

Encryption at Rest and in Transit

While we do not store client data, all communications and data interactions within the 3forge platform are encrypted in transit using TLS/SSL protocols to ensure secure processing and transmission.

Business Continuity and Disaster Recovery

We have comprehensive plans in place to ensure the continuity of our operations and rapid recovery in the event of an unforeseen incident.

Resilient Infrastructure

Our custom-built infrastructure is designed for resilience, minimizing the risk of downtime or service disruption. We continuously monitor our systems and have robust procedures in place to ensure business continuity.

Incident Response

3forge has a well-defined process for handling information security incidents, including escalation procedures, rapid mitigation, and effective communication.

Access Security

Strict access controls and authentication mechanisms are in place to safeguard our systems, ensuring only authorized personnel have access.

Permissions and Authentication

Access to our infrastructure and other sensitive tools is restricted to authorized employees based on their roles. We employ Single Sign-On (SSO), 2-factor authentication (2FA), and stringent password policies to enhance security.

Quarterly Access Reviews

We conduct quarterly reviews of all team members' access to sensitive systems to ensure ongoing compliance with access controls.

Least Privilege Access Control

We adhere to the principle of least privilege in managing identity and access, ensuring that employees have only the access necessary for their roles.

Password Requirements

Team members are required to follow strict password complexity requirements to secure access to our systems.

Password Managers

All company-issued laptops come equipped with password managers to help employees maintain secure and complex passwords.

Vendor and Risk Management

We meticulously evaluate and monitor our vendors to ensure they comply with our stringent security standards and mitigate any associated risks.

Annual Risk Assessments

We conduct annual risk assessments to identify and address potential security threats, including those related to fraud.

Vendor Risk Management

We assess vendor risk and conduct appropriate reviews before onboarding new vendors to ensure they meet our security standards.

Long-Lasting Security

For more details about our security certifications & attestations, we encourage you to reach out to us.