Security at Fluid Topics is embedded across the company and an integral part of how we develop our software. It is designed to cover all security aspects within the company from software development to SaaS operations to corporate information technology security.
Fluid Topics incorporates leading security technologies and modern open standards to provide users with the confidence that their data and analyses are secure.
Secure Software Development
- Security is at the heart of everything we do. Our goal is always to provide customers with secure products and services. Our security team works hand in hand with the development teams to ensure our solutions are defended from internal and external security threats. Each team has one or several security referents, who are part of a Security Guild. We employ third-party security tooling to continuously scan our software, workstations and servers against common security risks.
Separation of Environments
- Testing and staging environments are separated from the production environment. No production data is used in our development or test environments.
- Fluid Topics is a multi-tenant web application. Customer databases are separated from each other. Customer file storage and other systems that handle data are secured by application logic that ensures that only the relevant customer is granted access.
- We will notify customers in advance of any major changes that will cause service downtime. Our team will frequently update the system with upgrades, bug fixes, and patches, with no downtime or customer impact. In the rare event that a customer might be affected, they will be notified by email and/or our helpdesk tool.
ISO 27001 Certification
- Antidot has achieved ISO 27001:2013 certification for Fluid Topics, demonstrating the company’s commitment to the highest level of internal compliance and security. Being ISO 27001 certified guarantees that we’ve achieved the highest security level and is a testament to the fact that we prioritize data security for our clients, investors, partners, and employees.
- ► All data is rigorously protected
- ► Risks and vulnerabilities are assessed, minimized, and eliminated
- ► Our software product and infrastructure are robust and secure
- ► We have an internal culture of security, so all employees prioritize information security by design
- ► We demonstrate operational excellence when it comes to our IT, R&D, HR, and information processes
- You can view our certificate here.
- We operate data centers in the United States, Europe, and Asia. If requested, customer data can reside in Europe only.
- We have configured networks with a security architecture that consists of multiple security zones. Databases, application servers, source code and CI/CD tooling are protected in our most trusted zones. Depending on the zone, additional security monitoring and access controls are applied.
- Penetration tests are performed regularly by an independent third party. Any issue reported after these pentests is immediately assessed; if a fix is required, it is handled with the highest possible priority.
Intrusion Detection and Prevention
- We use intrusion detection and prevention measures to detect malicious behaviors. This includes alerting administrators of malicious activity and policy violations, as well as identifying and taking action against attacks.
Incident Detection and Response
- Security events and incidents are managed through a dedicated team. Responses to security issues are led by an Incident Response Coordinator. Incident response plans are tested regularly. A Blameless Post Mortem meeting is organized after every incident. In case of major technical breakdowns there is a tested disaster recovery process.
- We have an established Business Continuity Plan.
Encryption (At Rest and in Transit)
- All communication to and from the Fluid Topics service is encrypted with AES-256 and TLS 1.3 (or 1.2 if access from older devices is required).
- We have defined processes and procedures for managing and assessing information systems and operational security risks. Regular assessments are performed to identify and assess the likelihood and impact relating to risks. These risks can include those regarding unauthorized access, use, disclosure, or disruption to Fluid Topics systems and customers. Risks are categorized in accordance with a formally documented procedure.
- We are subject to several audits each year, both internal and external, to ensure security is upheld and continuously improved.
Legal and Regulatory Compliance
- We are committed to maintaining compliance with all regulatory, legislative, and contractual requirements and continually assess relevant rules and legislation affecting our business.
- Non-disclosure agreements are signed with all employees and relevant third parties before they gain access to sensitive information. The NDAs are valid during the contract and after its termination.
- Participation in Fluid Topics’ Security training is mandatory for all employees. Personnel whose roles may bring them into contact with customer data are also required to undertake additional training.
- Access control is based on job function and in line with the principle of least privilege. An extensive access control review is performed quarterly. Employees exiting Fluid Topics have all external access removed on the day they leave the company (other credentials requiring internal access are removed within 1 business day).