Security at FourKites

As a leading provider of technology solutions to businesses in the supply chain industry, FourKites has made data security for our customers and data providers a top priority.

FourKites Data Security

1. Compliance with international standards & certifications

FourKites meets the standards set by the International Standards Organization (ISO) in ISO 27017 for cloud service security and ISO 27018 for data privacy as part of its ISO 27001 certification. ISO 27017 provides guidelines for information security controls specific to the provisioning and use of cloud services, while ISO 27018 establishes commonly accepted controls and guidelines for implementing measures to protect personally identifiable information (PII) in the public cloud computing environment.

FourKites has also implemented controls consistent with the SOC 2 Type II standard. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria.

Please note that the SOC 2 and ISO 27001 standards consist of 300+ different controls, on which FourKites is audited annually by an independent third party.

We can provide you with the relevant reports upon request, subject to a Non-Disclosure Agreement being in place. You may make a request by emailing [email protected].

2. FourKites Security Program:

In addition, FourKites has implemented and maintains a full suite of information security policies and other appropriate safeguards and procedures, which are monitored and updated regularly. Below is a high-level presentation of the pillars of the FourKites Security Program. Please note that we cannot disclose highly detailed information here, as we do not want to help the bad actors we are trying to stop. We would be happy to address any further questions your security team may have about our Technical and Organizational Security Measures, subject to a Non-Disclosure Agreement being in place.

IT infrastructure – Protection from Data Loss, Corruption

  • All databases are kept separate and dedicated to prevent corruption and overlap.
  • Infrastructure security assessments are carried out regularly to report on vulnerabilities, and notifications are set.
  • We have layers of logic that segregate Customer accounts from each other.
  • Customer data is regularly backed up and kept in separate locations (supported by the relevant cloud provider’s approach to redundancy and reliability).
  • We continuously monitor and record resource and data configurations for simple compliance auditing, security analysis, change management, and troubleshooting.
  • We continuously monitor and retain historical data of API calls for governance, compliance, and risk auditing.
  • Access and identity management through individual user accounts with unique permissions.
  • We maintain confidential disaster recovery and business continuity processes.

Application Level Security

  • The Platform and mobile applications (Website and APIs) are secured with SSL encryption.
  • We perform regular external security penetration tests on the Platform and all mobile applications. The tests involve high-level server penetration tests and in-depth testing for vulnerabilities inside the application.

Employee Checks, Training and Awareness:

  • All FourKites employees receive regular training on best security practices, including how to identify social engineering, phishing scams, DDoS attacks and hackers.
  • FourKites has established internal reporting mechanisms to appropriate teams.
  • FourKites employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history and background checks prior to employment, as permitted by applicable laws.

Responsible Disclosures/Vulnerability Reporting

If you believe that you are seeing suspicious activity in relation to the FourKites Platform, please email [email protected].