Uncompromising Data Protection
Your data is protected by the highest standards of security.
- All user access to Flightdocs is continually and automatically logged.
- The access logs are retained for at least one year and periodically audited.
- The applications are monitored for security and data breaches.
- The system status page lists availability, maintenance, and security events.
- Flightdocs maintains a formal incident response plan for major events.
- The web application implementation follows OWASP guidelines.
- Signing in requires strong passwords and multi-factor authentication.
- User passwords are stored salted and irreversibly hashed.
- Administrators can easily review user sign-ins and account changes.
- Vulnerability scans and penetration tests are performed regularly.
System & Data Security
- SOC Type II Certified, the highest of all SaaS certifications available.
- US-based SSAE18 data centers with state-of-the-art security.
- Deployed on Amazon Web Services with multiple geo-replicated backups.
- 256-bit SSL encryption and protection against SQL and XSS exploits.
- Continuous 24/7/365 system monitoring and 99.99% SLA uptime.
Secure Development Life Cycle
All software development is done through a documented SDLC process. The design of all new product functionality is reviewed by a security team that conducts code reviews for all code changes, from architecture to sensitive code.
Flightdocs actively supports and encourages continual secure code training for our fully US-based product development team. This training covers OWASP Top 10 security flaws, common attack vectors, and Flightdocs security controls.
Secure Data Network Access
Data access and authorizations are provided on a need-to-know basis, and based on the principle of least privilege. Access to the production system is restricted to authorized personnel, and is carried out using VPN with Active Directory authentication.
All Flightdocs servers are located within the Flightdocs Virtual Private Cloud (VPC) and are fully protected by restricted security groups, allowing only the minimal required communication to and between the VPC servers.
Delivering Innovative, Powerful, and Secure Technology
Continuous investment in our products and infrastructure ensures you have the most advanced tools for managing your operation, while giving you peace of mind that your data is secure and accessible at all times.
Our commitment to the evolution of our products starts with our 100% US-based product development team. We work closely with operations of all shapes and sizes in order to build easy-to-use yet powerful solutions.
100% US Based
SOC 2 Certified
The Flightdocs information security practices, policies, and procedures officially meet the SOC 2 trust principles criteria for security, availability, processing integrity, and confidentiality. SOC 2 is a third-party auditing program that ensures a service provider securely manages data to protect the interests of its clients.
For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider. As a part of all SOC 2 Examinations, our external auditor confirms that Flightdocs has formally documented policies and procedures relating to our information security program.
Frequently Asked Questions
Get answers to our top questions around security, reliability, privacy, and compliance.
Flightdocs’ information security practices, policies, and procedures are officially approved to meet the SOC 2 trust principles criteria for security, availability, processing integrity, and confidentiality.
- Flightdocs provides audit logs when users access data and for administrator activities
- Flightdocs provides role-based access control for administrator activity and to sensitive data
Yes. Flightdocs maintains a publicly available system-status web page which includes system availability details, scheduled maintenance, service incident history, and relevant security events.
Yes. In addition, user passwords are salted, irreversibly hashed, and stored in Flightdocs’ database.
We have put a great deal of work into something we call our Flightdocs Control Framework (ACF), which combines the controls from external regulatory requirements and industry standards. We utilize this framework to implement controls internally and use external companies to evaluate and validate the implementation and operation of our controls. You can view the status of any of our certifications or reports on our Compliance page.
Flightdocs can provide a standard documentation package for customers outlining our Information Security Program.
Flightdocs encrypts customer data in transit and at rest. All customer data stored within Flightdocs cloud products and services is encrypted in transit over public networks using Transport Layer Security (TLS) 1.1+ with Perfect Forward Secrecy (PFS) to protect it from unauthorized disclosure or modification. Data drives on servers holding customer data and attachments in FDE use full disk, industry-standard AES-256 encryption at rest.
Yes, all Flightdocs Cloud systems only use TLS, along with PFS, for communication. In line with industry standards, we have removed support for SSL 3.
We have an extensive security program that includes ongoing testing of our hosted systems and products. We also undertake third-party independent assessments of our Cloud products. Our primary testing approach is through our public bug bounty for all of our cloud products and our server products.
If you have discovered a vulnerability in one of our products, we would appreciate it if you let us know so we can get it fixed ASAP.
Flightdocs will absolutely complete questionnaires to ensure transparency and ensure the requester understands the total Flightdocs commitment to security and integrity. We have compiled responses to some of the most frequent standard questions and also proactively provide the standard Information Security Program.
Here at Flightdocs, we try our best to ensure our customers don’t experience an outage or a security incident. However, we acknowledge that a security incident has the potential to happen. The standard Flightdocs Information Security Program documents the Flightdocs procedures during a security incident.