Data in transit is protected by SHA-2 certificates over SHA-256/AES-128 connections. Data is encrypted at rest with AES-256, block-level storage encryption on Amazon Web Services.
Fieldguide utilizes a secure, highly available database architecture, including leader-follower databases, automatic failover, Write-Ahead Logging, and point-in-time and snapshot-based rollback capabilities.
All Fieldguide accounts utilize multi-factor authentication and require strong passwords that meet OWASP and IRS standards.
Fieldguide employees are granted access to least-necessary data to fulfill their job duties. All changes to an employee or contractor’s status (e.g. activation, termination, or position change) are logged to ensure timely access changes.
All Fieldguide assets are tracked and centrally managed. All employee hardware devices have full-disk encryption, antivirus, and firewalls and can be wiped remotely.
Risks are documented and reviewed annually and on an as-needed basis by Fieldguide’s Information Security Team. A roadmap is maintained of all planned information security improvements.
All vendors are vetted for security and compliance standards before contract initiation, all data stored with vendors is categorized, and all vendors are centrally managed by Fieldguide’s Information Security team and reviewed at least annually.
Fieldguide works with large organizations performing mission-critical audit and compliance work. Our platform is architected for high availability, ensuring it's there to support your organization when you need it.
Fieldguide's cloud infrastructure is hosted and managed in Amazon Web Services (AWS) secure data centers in the United States that have been certified under: ISO 27001, SOC 1, SOC 2, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).
Application monitoring and alerting run 24/7 on Fieldguide's systems, ensuring errors and performance anomalies are identified and addressed.
Fieldguide offers a financially-backed SLA of 99.9% uptime, ensuring your organization can count on our products when you need them.
Fieldguide develops Business Continuity Playbooks to plan for adverse business events. It runs through each playbook on at least a quarterly basis as part of a simulated testing process.
Incidents go through four phases: Investigation & Diagnosis, Notification Strategy, Containment, and Eradication. All incidents result in the creation of a Root Cause Analysis (RCA) report.
Significant changes to the platform are controlled via a Change Control document that covers all aspects of the change, as well as necessary internal and external communications.
Fieldguide follows a Software Development Lifecycle (SDLC) that outlines activities across the following phases: Planning, Design, Development, Deployment, Vulnerability Management.
Fieldguide offers a Data Processing Addendum and adheres to Standard Contractual Clauses as a means to transfer data from the EU to the US. More information on Fieldguide's data privacy with respect to GDPR and CCPA can be found in our Privacy Policy.
Your organization owns its data. Fieldguide makes it easy to export data in standard formats. Data deletion requests can be directed to privacy@fieldguide.io.
Fieldguide does not sell or share your data with 3rd parties. A limited number of data subprocessors are used to support certain Fieldguide operations and services, based on principles of least-necessary access.
Fieldguide completes a SOC 2 (System and Organization Controls) Type 2 examination by a 3rd party audit firm on an annual basis. This report focuses on the security, availability, and confidentiality of its platform. Fieldguide's latest report is effective as of April 30, 2023.
Fieldguide regularly monitors its formal compliance initiatives and considers additional certifications on an as-needed basis.