Article overview:
At Filestage, we understand the importance and sensitivity of your data. We therefore continuously assess and improve our security mechanisms through internal and external audits, and we react immediately to relevant changes in order to protect the application, the data, our users, and our customers.
Secure by Design
At Filestage, we believe that strong protection of customer data is achieved best when the whole organization is in full alignment. Therefore, the security team at Filestage has been part of the development process since the very beginning. This allows our security team to identify potential security issues before they happen. More than that, our security team trains, supports, and audits team members to ensure high security and data protection. In addition, Filestage conducts regular third-party network and application penetration tests.
Organizational Security
The Filestage security program is built in line with the ISO 2700x standards, with controls related to the NIST framework and in compliance with European and German privacy regulations. Our security team implements and maintains appropriate controls to protect customer and company data. Specific areas of focus are our network, database, system, and application security, as well as 24x7 monitoring, alerting, risk management, and compliance.
Data in Transit
All data transmitted to and from the Filestage platform is protected using Transport Layer Security (TLS) encryption. Filestage uses the strongest available protocol versions, TLS 1.2 and TLS 1.3.
Data at Rest
All files, personal data, authentication data, and session tokens are encrypted at rest using AES 256-bit encryption. This corresponds to the security standard of German banks.
Network and Server Security
Distributed Denial of Service (DDoS) Protection
Filestage uses best-in-class DDoS protection services that auto-detect network attacks. These services protect the platform from availability disruptions. More than that, they identify and prevent brute-force attacks to keep your account credentials safe and secure.
Web Application Firewall (WAF)
The Filestage platform and all usage and personal data are also protected by an enhanced Web Application Firewall. This firewall detects and blocks suspicious activity based on IP address, HTTP headers, payloads, and URL strings.
Intrusion Detection and Prevention
The Filestage platform is protected by industry-leading network- and host-based security monitoring tools, designed to detect and prevent malicious access to our customers' data.
Employee Access Control
Provisioning
In order to reduce the risk of data exposure, Filestage adheres to the principle of least privilege and role-based access control. As a result, employees only have access to the data and systems that are required for their role.
Authentication
Filestage secures production access of all employees with Multi-Factor Authentication. This reduces the likelihood of unauthorized or compromised user accounts accessing customer data.
Continuous Monitoring
Filestage monitors all production networks, systems, containers, and applications for suspicious and unusual behavior. Administrative access, privileged commands, and system calls are logged. These logs are analyzed in real time to detect and alert on potential issues. Application access logs are retained for at least 14 days, and system logs for at least 12 months, for forensic analysis. Access to production logs is restricted to security personnel for maintenance purposes.
Backups, Data Retention and Disposal
Client data is retained for the entire duration of the license agreement. After expiry of the license agreement, or earlier upon request, customer data will only be destroyed or anonymized if the account is deleted. Backups are generated hourly with a retention of 2 days, weekly with a retention of 4 weeks, and monthly with a retention of 12 months. Backups that contain recently deleted data are purged in line with the GDPR.
Incident Response
Filestage has established a Security Incident Response Framework to report and respond to potential security incidents. Security incidents are reviewed by our IT security team and escalated to the appropriate management depending on analysis, validation, and severity. In the event of a security incident that has an impact on the customer, affected customers are notified by our customer support team via email in line with the GDPR.
Disaster Recovery and Business Continuity
Filestage uses a world-class hosting provider that distributes the platform operations across multiple availability zones. This protects Filestage platform availability from outages caused by insufficient power infrastructure, loss of network connectivity, and inadequate environmental controls.
User Authentication and Access
Local Authentication
Customers that use the local authentication method sign in with a combination of a unique email address and a password. To encourage the use of strong passwords, the password policy requires a complex password of at least 8 characters.
Single Sign-On (SSO)
Single Sign-On empowers customers to provide a seamless user experience when accessing the Filestage platform, as well as effortless enforcement of company security requirements through authentication rules. The Filestage platform therefore supports a broad variety of SSO providers (social, enterprise, legal) and protocols. Learn more about supported SSO providers/protocols.
File Access Controls
Sharing and commenting on files is a key part of the Filestage approval workflow. Filestage offers fine-grained and customizable controls to give customers the security and access control they need, without interrupting the approval workflow.
Compliance
General Data Protection Regulation (GDPR)
Filestage is GDPR-compliant, and our processes are regularly checked by external auditors. Thus, by using the Filestage platform you meet all requirements of the General Data Protection Regulation (GDPR). You can find out more in our data privacy policy.
Vendor Management
Filestage uses selected services and service providers (subcontractors) to maintain its general business operations. These service providers have limited access to selected personal data. Filestage assesses the security of subcontractors in accordance with the GDPR.
Data Ownership
You retain full ownership and control over your files and your data at all times. For more information, please visit our terms & conditions.
ISO, SOC, and others
Filestage uses the data centers of the world's leading hosting provider. The third-party provider is ISO, SOC, TISAX, FedRAMP, and PCI certified and complies with numerous regulations and data protection standards such as HIPAA, HITECH, GLBA, the EU Data Protection Directive, the EU-US Privacy Shield, FISMA, and many more.
Need help?
As part of the Filestage Enterprise Licence, we are happy to support you with implementation and with any questions regarding compliance, data, and IT security. If you need help, send us your request via support@filestage.io or contact your Account Executive directly.