Product and Data Security Compliance

This article answers common questions regarding FlexRule’s product and data security compliance.

However, most of the security standards are not applicable to FlexRule since FlexRule is not a SaaS provider.

Information Security & Compliance

Do you provide tenants with documentation describing your Information Security Management Program (ISMP)? Not Applicable
Do your information security and privacy policies align with these industry standards: (ISO-27001, ISO-22307, CoBIT, Information Security Regulation (ISR), ADSIC, NESA and so forth)? Not Applicable
Do you have documented information security baselines for every component of your infrastructure (e.g. hypervisors, operating systems, routers, DNS servers, and so on)? Not Applicable
Do you have a capability to continuously monitor and report the compliance of your infrastructure against your information security baselines? Not Applicable
Do you document how you grant and approve access to tenant data? Not Applicable
If users are found to have inappropriate entitlements, are all remediation and certification actions recorded? Not Applicable
Do your data management policies and procedures include a tamper audit or software integrity function for unauthorized access to tenant data? Not Applicable
Do you have a capability to allow creation of unique encryption keys per tenant? Not Applicable
Do you encrypt tenant data at rest (on disk/storage) within your environment? Do you also provide encryption for data in motion, and if so, what grade/type of encryption is deployed? Not Applicable
Does your security information and event management (SIEM) system merge data sources (app logs, firewall logs, IDS logs, physical access logs, and so forth) for granular analysis and alerting? Not Applicable
Is your Privacy Policy aligned with industry standards? Not Applicable
Are controls in place to prevent unauthorized access to your application, program or object source code, and assure it is restricted to authorized personnel only? Yes. Users must have a valid login to use FlexRule.
Are policies and procedures established and mechanisms implemented to protect the network environment perimeter and configured to restrict unauthorized traffic? Not Applicable
Will you blacklist or block any malicious user directly trying to brute-force the customer through your cloud if cloud identities are used? Not Applicable
Do you produce audit assertions using a structured, industry-accepted format that is viewable by customers? Not Applicable
Do you conduct network/application/internal/external penetration tests of your cloud service infrastructure regularly as prescribed by industry best practices and guidance? Not Applicable
Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations? Not Applicable
Do you have the ability to logically segment or encrypt customer data such that data may be produced for a single tenant only, without inadvertently accessing another tenant’s data? Not Applicable
Do you have policies and procedures in place describing what controls you have in place to protect tenants’ intellectual property? Not Applicable
Does your solution/platform support End-User Key Management? Not Applicable

Ownership and Security

Who has the ownership of the data that we might hold in your systems? FlexRule does not hold data in the system.
If your platform is a multi-tenant architecture, describe how you can ensure that no data bleed happens between companies on your systems? Not Applicable
Describe the granularity of roles and the level of access each role has? Different access levels can be defined for the users.
https://resource.flexrule.com/article-categories/access-permissions/
What is your security model from both application access and database? Not Applicable
Describe your audit capability in terms of user and data activity? Not Applicable
Can you restrict access to certain audit and logging views to certain users/user groups? Different access levels can be defined for the users.
https://resource.flexrule.com/article-categories/access-permissions/
What is the retention period for audit/activity logging? Not Applicable
What is the retention period for collaboration data? Not Applicable
What is the data allowance comprised of? (i.e. audit, collaboration, data, activity, logging) Not Applicable
Can we select/configure the physical data center location where our data is held? For example, to meet data and USA regulations? Not Applicable
Describe any support you have for single sign-on? Does not support single sign-on.
Do you support native synchronized in-app user/group provisioning capabilities (through API or built-in engines) or require additional customization? Not Applicable
Describe if the system supports two-part authentication (e.g. SAML) and supports use of RSA SecurID tokens or equivalent for access outside our company's internal networks? Not Applicable
Users of the system will be in our company's Okta single sign-on; describe how you will authenticate users? Not Applicable
How does your software support multiple user directories or IdPs? Not Applicable
Is any role-based security capability Lightweight Directory Access Protocol (LDAP) compliant to enable control and management of our company directories? Not Applicable
How might the system automatically suspend/remove accounts based on removal from our company directories? Not Applicable
How can a user be set up and assigned various access rights? In FlexRule Server you can define access to different roles.
https://resource.flexrule.com/knowledge-base/set-the-ownership-of-package/
https://resource.flexrule.com/knowledge-base/roles/
What are your authentication approaches? User login with credentials.
How to restrict access to any private network? Not Applicable
How do you restrict access to certain content or functional areas to certain roles? In FlexRule Server you can define access to different roles.
https://resource.flexrule.com/knowledge-base/set-the-ownership-of-package/
https://resource.flexrule.com/knowledge-base/roles/
What security accreditations do you hold as a cloud-based platform? Users require a username and password along with a valid license to access any product, and it is an annual subscription.
What quality accreditations do you have? Not Applicable
Can we carry out periodic penetration/performance/benchmark testing? Not Applicable
Is your site OWASP (Open Web Application Security Project) compliant and what measures do you take against malicious attacks (Denial of Service, Cross-Site Scripting and so forth)? Not Applicable
Any limitations on the number of organisations/users we could set up within your system? Not Applicable
Is access to the cloud service encrypted (user and API)? Not Applicable

Reporting Vulnerabilities

You can contact us via support@flexrule.com.

Updated on October 21, 2021
