Fibery Cloud Security Statement

Overview

Fibery SaaS Cloud uses a reliable physical infrastructure and runs on a secure network that's built around data security to ensure that your information remains private, secure and available. Our servers and services are hosted at IBM Cloud and Amazon AWS, a world-class hosting services companies. Fibery is responsible for monitoring, managing and securing Fibery Cloud.

Facilities

Data locations for Fibery clusters are:

Certification and compliance

IBM Cloud and Amazon AWS security procedures are based on industry best practices, confirmed by certificates including (but not limited to): ISO 27001, ISO 27018 and PCI DSS. Respective information is available at https://www.ibm.com/cloud/compliance  and https://aws.amazon.com/compliance/ . Fibery is using and following processes and practices from applicable NIST SP 800 publications, i.e. SP 800-53 as well as ISO27001, additional information and documents can be provided per request.

Fibery data handling and processing is compliant with GDPR, additional information is available in Privacy Policy and Terms of Service.

Customer Data Segregation

Each Fibery account space is an isolated within its own data, so no one can access your account from another application. Each user in any Fibery Cloud has a unique username and password. After authentication, any request to the Fibery server is strictly tied to user identity. This keeps your data private, secure and protected. Regular (at least quarterly) vulnerability scans and security reviews to ensure proper data segregation and user authentication are performed.

Data Storage and Security

Network Security Highlights

Server Security

Workstations security

Workstations are centrally managed by AD Group Policy with password complexity requirements, forced sleep after 30 minutes of inactivity, and complete Endpoint Protection suite from top-tier vendor installed with forced daily scans and all modules enabled. VPN connections to corporate resources are available to a limited number of users and are logged and monitored for suspicious activity.

Data Retention

Uploaded Data is retained indefinitely while you are our customer. At the end of Service Term your Data will be removed within 180 days. Alternatively, it may be removed immediately per request.

Backups

All transaction logs and database backup files are stored in object storage in two geographically distributed. Backups are encrypted with strong AES256 encryption, encryption key is stored in a secure vault. All backups are fully rotated every 180 days.

Disaster Recovery

Fibery services run on multi-node highly available clusters to ensure exceptional uptime and availability. Fibery infrastructure team has a disaster recovery process in place and it is tested on a regular basis.