Uncompromising Data Protection
Your data is protected by the highest standards of security.
- All user access to Flightdocs is continually and automatically logged.
- Access logs are retained for at least a year and periodically audited.
- Applications are monitored for security and data breaches.
- System status page lists availability, maintenance, and security events.
- Flightdocs maintains a formal incident response plan for major events.
- The web application implementation follows OWASP guidelines.
- Requires strong passwords and MFA with optional single sign-on.
- User passwords are stored salted and irreversibly hashed.
- Administrators can easily review user sign-ins and account changes.
- Vulnerability scans and penetration tests are performed regularly.
System & Data Security
- SOC Type II Certified, the highest of all SaaS certifications available.
- US-based SSAE18 data centers with state-of-the-art security.
- Deployed on Amazon Web Services with multiple geo-replicated backups.
- 256-bit SSL encryption and protection against SQL and XSS exploits.
- Continuous 24/7/365 system monitoring and 99.99% SLA uptime.
Secure Development Life Cycle
All software development is done through a documented SDLC process. The design of all new product functionality is reviewed by a security team that conducts code reviews for all code changes, from architecture to sensitive code.
Flightdocs actively supports and encourages continual secure code training for our fully US-based product development team. This training covers OWASP Top 10 security flaws, common attack vectors, and Flightdocs security controls.
Secure Data Network Access
Data access and authorizations are provided on a need-to-know basis, and based on the principle of least privilege. Access to the production system is restricted to authorized personnel, and is carried out using VPN with Active Directory authentication.
All Flightdocs servers are located within the Flightdocs Virtual Private Cloud (VPC) and are fully protected by restricted security groups, allowing only the minimal required communication to and between the VPC servers.
Delivering Innovative, Powerful, and Secure Technology
Continuous investment in our products and infrastructure ensures you have the most advanced tools for managing your operation, while giving you peace of mind that your data is secure and accessible at all times.
Our commitment to the evolution of our products starts with our 100% US-based product development team. We work closely with operations of all shapes and sizes in order to build easy-to-use yet powerful solutions.
100% US Based
SOC 2 Certified
The Flightdocs information security practices, policies, and procedures officially meet the SOC 2 trust principles criteria for security, availability, processing integrity, and confidentiality. SOC 2 is a third-party auditing program that ensures a service provider securely manages data to protect the interests of its clients.
For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider. As a part of all SOC 2 Examinations, our external auditor confirms that Flightdocs has formally documented policies and procedures relating to our information security program.
Frequently Asked Questions
Get answers to our top questions around security, reliability, privacy, and compliance.
Flightdocs’ information security practices, policies, and procedures are officially approved to meet the SOC 2 trust principles criteria for security, availability, processing integrity, and confidentiality.
- Flightdocs provides audit logs when users access data and for administrator activities
- Flightdocs provides role-based access control for administrator activity and to sensitive data
Yes. Flightdocs maintains a publicly available system-status web page which includes system availability details, scheduled maintenance, service incident history, and relevant security events.
Yes. In addition, user passwords are salted, irreversibly hashed, and stored in Flightdocs’ database.
We have put a great deal of work into something we call our Flightdocs Control Framework (ACF), which combines the controls from external regulatory requirements and industry standards. We utilize this framework to implement controls internally and use external companies to evaluate and validate the implementation and operation of our controls. You can view the status of any of our certifications or reports on our Compliance page.
Flightdocs can provide a standard documentation package for customers outlining our Information Security Program.
Flightdocs encrypts customer data in transit and at rest. All customer data stored within Flightdocs cloud products and services is encrypted in transit over public networks using Transport Layer Security (TLS) 1.1+ with Perfect Forward Secrecy (PFS) to protect it from unauthorized disclosure or modification. Data drives on servers holding customer data and attachments in FDE use full disk, industry-standard AES-256 encryption at rest.
Yes, all Flightdocs Cloud systems only use TLS, along with PFS, for communication. In line with industry standards, we have removed support for SSL 3.
We have an extensive security program that includes ongoing testing of our hosted systems and products. We also undertake third-party independent assessments of our Cloud products. Our primary testing approach is through our public bug bounty for all of our cloud products and our server products.
If you discover a vulnerability in one of our products, we would appreciate it if you let us know so we can get it fixed ASAP.
Flightdocs will absolutely complete questionnaires to ensure transparency and ensure the requester understands the total Flightdocs commitment to security and integrity. We have compiled responses to some of the most frequent standard questions and also proactively provide the standard Information Security Program.
Here at Flightdocs, we try our best to ensure our customers don’t experience an outage or a security incident. However, we acknowledge that a security incident has the potential to happen. The standard Flightdocs Information Security Program documents the Flightdocs procedures during a security incident.
This is when users enter their username in Enterprise and Enterprise redirects them to the IdP sign-in page.
This is when users go to their company portal and click the Enterprise app there to access it without additional signing in.
An IdP, such as Microsoft® Active Directory, Azure AD, or LDAP, that supports either SAML 2.0 or OIDC protocols.
No. All user accounts must be created in Enterprise before a user can sign in with SSO.
No. We support artifact, but do not require it. We also support HTTP POST and HTTP Redirect.
We support but do not require encryption. We utilize HTTPS URLs for all posts and redirects on both sides but it is not a requirement.
No. Permissions are 100% managed inside of Enterprise. The IdP will be responsible for identifying users and granting them access through perimeter security.
There is flexibility in how mapping is achieved. The ideal mapping configuration is established through a collaboration between Flightdocs and you. To establish an initial mapping, the first time a user signs in, we map from the IdP name identifier attribute to the Enterprise username. The attribute we map to is configurable per customer.
Yes. We provide a sandbox environment in which SSO can be tested and validated.
Yes. We support SP-initiated SSO in the mobile apps. The IdP-hosted web interface facilitates the SSO process.
Yes. We support all modern and secure Microsoft .NET encryption protocols.