At 3forge, we prioritize the security of your data and systems. Our commitment to safeguarding your information is embedded in every aspect of our platform and operations. From rigorous security protocols to continuous monitoring and improvements, we strive to ensure that our platform remains robust, reliable, and secure. Here's an overview of the security practices we have in place to protect your data.
3forge is accredited as compliant in accordance with Service Organization Control (SOC) 2 Type II. This accreditation is in line with standards set by the American Institute of Certified Public Accountants (AICPA) for Service Organizations, more commonly known as SSAE 18.
The SOC 2 Type II audit was conducted by Prescient Assurance, ensuring security and compliance for global B2B and SAAS firms. As a recognized public accounting firm in the US and Canada, Prescient Assurance offers a wide range of risk management and assurance services, encompassing but not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR.
We implement robust security policies and procedures that are integrated into the fabric of our organization, ensuring a secure operating environment.
We have a comprehensive Information Security Program that is communicated and enforced across our organization. Our program adheres to the criteria set forth by the SOC 2 Framework, an industry-recognized standard for information security auditing developed by the American Institute of Certified Public Accountants (AICPA).
3forge undergoes independent third-party assessments to rigorously test and validate our security and compliance controls.
To ensure the resilience of our services, we conduct independent third-party penetration tests at least annually. This helps us identify and mitigate any potential vulnerabilities.
Roles and responsibilities related to our Information Security Program and the protection of customer data are clearly defined and documented. All team members are required to review and accept our security policies.
Our team members undergo regular security awareness training, covering best practices and critical information security topics such as phishing prevention and password management.
Every team member is required to sign and adhere to a confidentiality agreement before starting work at 3forge.
We conduct background checks on all new employees in accordance with local laws to ensure the integrity and trustworthiness of our team.
Our custom-built infrastructure is designed to meet the highest security standards, providing a secure and resilient foundation for our services.
3forge operates on a fully custom-built infrastructure, designed and developed in-house to meet the highest security standards. We control every aspect of our platform, from the servers to the software, ensuring a secure and reliable environment for our clients.
At 3forge, we do not host or store any client data. Instead, our platform serves as a top layer for processing, visualizing, and manipulating data in real time. Your data remains secure in your environment, with 3forge providing the tools to interact with it seamlessly.
3forge performs regular vulnerability scanning and actively monitors for potential threats to maintain a strong security posture.
We continuously monitor and log activities across our platform to detect and respond to any anomalies or security incidents.
While we do not store client data, all communications and data interactions within the 3forge platform are encrypted in transit using TLS/SSL protocols to ensure secure processing and transmission.
We have comprehensive plans in place to ensure the continuity of our operations and rapid recovery in the event of an unforeseen incident.
Our custom-built infrastructure is designed for resilience, minimizing the risk of downtime or service disruption. We continuously monitor our systems and have robust procedures in place to ensure business continuity.
3forge has a well-defined process for handling information security incidents, including escalation procedures, rapid mitigation, and effective communication.
Strict access controls and authentication mechanisms are in place to safeguard our systems, ensuring only authorized personnel have access.
Access to our infrastructure and other sensitive tools is restricted to authorized employees based on their roles. We employ Single Sign-On (SSO), 2-factor authentication (2FA), and stringent password policies to enhance security.
We conduct quarterly reviews of all team members' access to sensitive systems to ensure ongoing compliance with access controls.
We adhere to the principle of least privilege in managing identity and access, ensuring that employees have only the access necessary for their roles.
Team members are required to follow strict password complexity requirements to secure access to our systems.
All company-issued laptops come equipped with password managers to help employees maintain secure and complex passwords.
We meticulously evaluate and monitor our vendors to ensure they comply with our stringent security standards and mitigate any associated risks.
We conduct annual risk assessments to identify and address potential security threats, including those related to fraud.
We assess vendor risk and conduct appropriate reviews before onboarding new vendors to ensure they meet our security standards.