Security at Formera
The trust of our customers is at the center of our business. Security is one of our top priorities, so our services, data management systems, and data storage solutions are all designed to protect our users' data and to provide the highest level of security.
   
Some of the major security practices at Formera:
In-Transit and At-Rest Encryption
All our customers' data are protected in transit and at rest. In transit, all forms are served and accessed over TLS/256-bit SSL connections, the same protection level used in banking, electronic commerce, and financial services. At rest, we employ RSA 2048 to secure the forms and encrypt the submitted data. All account passwords are hashed, and all login pages are secured with brute-force protections.
Network Firewall
Formera applies the most advanced techniques of intrusion detection and attack monitoring, using firewalls at both the web application level and the network level. Additionally, we equip our platform with multiple DDoS defenses so that customers can use our services securely and without interruption.
Best Development Practices
The Formera development team ensures that all code and new features go through all security and functionality tests and analyses in staging before being added to the final product, so that our customers' accounts remain highly secure and isolated.
Datacenter Security
Your forms and submission data are stored on Microsoft Azure Cloud and Google Cloud Platform, which apply the most advanced physical security controls. The Microsoft and Google datacenters that we use to host our cloud services and store our customers' data are located in both the European Union and the United States.
Access Permissions
Formera protects its product infrastructure against potential security threats by applying a well-designed and strictly controlled access model. Employees are granted access to the service environments based on their role in the company, under a Role-Based Access Control (RBAC) model.
Bug Bounty Program
We run a bug bounty program on a regular basis to give researchers and security experts an opportunity to report the vulnerabilities they find in our services, so that we can address any emerging issue earlier and provide our customers with the best and most secure experience.
Physical Security
Formera services are hosted by Microsoft Azure and Google Cloud Platform, which are both SOC 2 II and ISO 27K certified cloud service providers. The physical security protections applied at our datacenters include video surveillance, biometric scanners, highly skilled security guards, and sophisticated access controls.
Incident Response
We apply standardized incident response procedures, and our development team has built robust structures for system logging, data source investigation, and security incident processing, to guarantee that only the right decisions are made in all situations.
Vulnerabilities Assessment
Our security team performs comprehensive vulnerability scanning across all layers of the product infrastructure, leveraging the most advanced industry-recommended tools and assessment approaches.
Penetration Testing
Formera employs the most recognized third parties in the web application security industry to perform 4 penetration tests a year, in order to identify security flaws that might pose risks to our operations and to address any issue earlier.
Compliance with GDPR
Formera is completely compliant with the General Data Protection Regulation (GDPR) of the European Union, ensuring that the data of our customers are fully protected. With Formera, you can choose to store your data on servers run by Microsoft Azure Cloud or Google Cloud Platform and located specifically in the European Union.
In Country Cloud Servers
To comply with data privacy laws and regulations in different countries around the globe, enterprise users of Formera can choose the geographical location of the hosting cloud server in any part of the world.
Datacenter Compliance
Learn more about compliance at Microsoft Azure
https://docs.microsoft.com/en-us/azure/compliance
Learn more about compliance at Google Cloud Platform
https://cloud.google.com/security/compliance
Protection from Spam
Formera offers powerful options to protect your forms from spammers, such as: one submission from one IP address or one computer, Captchas, unique URLs, and form lock after a specific number of submissions or period of time.
Two-Factor Authentication
To boost the security of our customers' accounts, Formera provides a two-factor authentication option within the account settings; users can enable it easily at any time. Additionally, at the product infrastructure access level, non-fungible tokens and two-factor authentication are enforced for employees for server-level access permissions.
HR Security
All our employees and vendors have to sign a confidentiality agreement before cooperation. We organize annual educational security training programs for all our employees. Additionally, we arrange secure programming training courses on a monthly basis for our software developers specifically.
Continuity
Our business continuity and disaster recovery strategy relies fundamentally on infrastructure redundancy, real-time replication, and regular backups. Formera applies a strong backup policy, so your data are replicated regularly and in real time between several servers from Microsoft Azure Cloud and Google Cloud Platform, which are strategically distributed across different zones.
For more information about the security and risk management at Formera

Download The Security Report
This page is also available in Arabic