Security Statement - Software Services

1.1 FOSS is committed to establishing, implementing and maintaining appropriate technical, administrative and physical information security controls to comply with ISO 27001/2. All FOSS Software Service practices are ISO 27001 certified.

1.2 In addition, FOSS has implemented an internal policy according to which the General Data Protection Regulation (GDPR) applies on a global scale, regardless of the location of FOSS’ users and employees. This ensures that all individuals whose personal data is being processed in FOSS’ applications benefit from a level of data protection that is equivalent to that found within the European Union.

1.3 Cloud Security. The Software Services are deployed on the Microsoft Azure platform, which provides a secure and reliable cloud infrastructure. FOSS uses the security features and services provided by Microsoft Azure to protect customer data from security threats such as unauthorized access, data breaches, and malware attacks. These security features include advanced encryption techniques, secure authentication processes, logging, firewalls and network segmentation.

1.4 Availability. To achieve a high degree of availability, FOSS utilizes multiple redundant systems, including servers, power supplies and backup systems, to ensure that the Software Services are always available to the customer. Backups are regularly tested, and their performance is continuously monitored to ensure that backups are being completed on schedule and that there are no errors or failures.

1.5 Access Controls. FOSS assigns access to employees based on a work-related need and applies the “principle of least privilege” to ensure that user accounts are only assigned those privileges which are necessary to perform their intended function. FOSS verifies within appropriate timeframes that access rights and privileges are assigned correctly.

1.6 Incident Response. In the event of a data breach or security incident, FOSS will notify affected customers without undue delay and take appropriate measures to contain the breach and minimize the impact. FOSS will also cooperate with affected customers and any regulatory authorities as necessary to investigate the breach and take remedial action.

Version 1.0 – June 2023