Security Vetting

I love Fibery; however, I am hesitant to recommend it to some of my customers in the more regulated industries because I know how stringent their security vetting procedures are for SaaS products. By vetting I mean where the data is stored, pen testing procedures, who has access to the code and any documents stored within Fibery. There are many other questions and checkpoints that such vetting procedures delve into.
Some other key areas are:

  • Review SaaS patching policies
  • Check alignment of SaaS and internal security controls
  • Identity and access management (IAM)
  • Encryption and key management
  • Security monitoring
  • Make sure you own your data
  • Ensure the SaaS provider complies with relevant regulations
  • Know where the data is stored
  • Check for data loss or corruption provisions
  • Identify sub-services the SaaS provider uses
  • Review SaaS provider’s third-party audits

Do you have the answer to such questions so that regulated industries can move forward with Fibery?

Hi, Paul!
Your suggestion definitely makes sense, and that is always a challenge if we speak about a specific domain.
I think the best overview you can check here

These things were written by a human, so if you have some specific questions not covered by those articles - we would be glad to provide a transparent answer.

And if we’re talking about certificates like HIPAA compliance - that is not something we’re focused on right now. But you can also share with us your feedback and requests and that would be noted :muscle: