Security Overview
At 3forge, security is embedded into every layer of our platform. From SOC 2 Type II certification to continuous vulnerability monitoring, we uphold the standards that global banks and institutional firms depend on.
SOC 2 Type II Certified · Audited by Prescient Assurance
Security as a Priority
3forge is SOC 2 Type II Certified
3forge is accredited as compliant in accordance with Service Organization Control (SOC) 2 Type II, aligned with standards set by the AICPA under SSAE 18. The audit was conducted by Prescient Assurance, a recognized accounting firm specialising in risk management and assurance services for global B2B and SaaS organisations.
Organizational Security
Policies, people, and processes
We implement robust security policies and procedures integrated into the fabric of our organization, ensuring a secure operating environment for our team and clients.
Information Security Program
A comprehensive program communicated and enforced across the organization, adhering to the SOC 2 Framework developed by the AICPA.
Third-Party Audits
Independent third-party assessments rigorously test and validate our security and compliance controls on an ongoing basis.
Third-Party Penetration Testing
Independent penetration tests are conducted at least annually to identify and mitigate potential vulnerabilities before they can be exploited.
Roles and Responsibilities
Security roles and responsibilities are clearly defined and documented. All team members must review and accept security policies.
Security Awareness Training
Regular security awareness training covering phishing prevention, password management, and critical information security best practices.
Confidentiality
Every team member signs a confidentiality agreement before commencing work at 3forge, protecting client and proprietary information.
Background Checks
Background checks are conducted on all new employees in accordance with local laws, ensuring the integrity and trustworthiness of the team.
Infrastructure Security
Custom-built, fully controlled
Our custom-built infrastructure is designed to meet the highest security standards, providing a secure and resilient foundation for our services with no reliance on third-party cloud platforms for client data.
Custom-Built Infrastructure
3forge operates on a fully custom-built infrastructure developed in-house. We control every aspect of the platform, from servers to software, ensuring a secure and reliable environment.
Data Handling and Security
3forge does not host or store client data. Our platform is a processing and visualisation layer, meaning your data stays in your environment, never ours.
Vulnerability Scanning
Regular vulnerability scanning and active threat monitoring maintain a strong security posture and enable rapid response to emerging risks.
Logging and Monitoring
Continuous monitoring and logging of platform activity enables detection and rapid response to anomalies and security incidents.
Encryption in Transit
All communications and data interactions within the 3forge platform are encrypted in transit using TLS/SSL protocols to ensure secure transmission.
Business Continuity & Disaster Recovery
Resilience by design
Comprehensive plans ensure the continuity of our operations and rapid recovery in the event of an unforeseen incident, with minimal disruption to clients.
Resilient Infrastructure
Our custom-built infrastructure is engineered for resilience with continuous monitoring and robust procedures to ensure business continuity.
Incident Response
A well-defined incident response process covers escalation procedures, rapid mitigation, and effective communication to affected parties.
Access Security
Strict controls, minimal footprint
Strict access controls and authentication mechanisms ensure only authorized personnel have access to sensitive systems, with regular reviews to maintain compliance.
Permissions and Authentication
Access to infrastructure and sensitive tools is restricted by role. We employ SSO, two-factor authentication (2FA), and stringent password policies.
Quarterly Access Reviews
Quarterly reviews of all team members' access to sensitive systems ensure ongoing compliance and prompt removal of unnecessary privileges.
Least Privilege Access Controls
We adhere to the principle of least privilege, ensuring employees have only the minimum access necessary to perform their roles.
Password Requirements
Strict password complexity requirements are enforced for all access to 3forge systems, supplemented by mandatory use of password managers.
Password Managers
All company-issued devices are equipped with password managers, enabling employees to maintain secure and unique credentials across systems.
Vendor & Risk Management
Scrutiny at every boundary
We meticulously evaluate and monitor our vendors and conduct annual risk assessments to ensure they comply with our security standards and to mitigate associated risks.
Annual Risk Assessments
Annual assessments identify and address potential security threats, including fraud risks, across our operations and supply chain.
Vendor Risk Management
Vendor risk is assessed and appropriate reviews are conducted before onboarding, ensuring new vendors meet 3forge's security and compliance standards.