We know that every person and team using our product expects their data to be protected and secure. We understand how important the responsibility of safeguarding this data is to our customers, and we are proud to exceed the industry standard when it comes to protecting your organization.
Every time you update anything in Forecast, your input is encrypted and backed up to multiple data center availability zones. This means that all data is written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure. Redundant hosting means you get instant access, no matter where you are. Our systems are engineered to stay up even if multiple servers fail.
Every interaction you have with Forecast is encrypted via HTTPS. This means that whenever your data is in transit between you and us, everything is encrypted and sent securely. Any files you upload to us are stored and encrypted at rest. All project data (i.e., comments, tasks, and allocations) is encrypted at the database level using AES 256 encryption. Our backups of your data are also encrypted using AES 256.
Today's enterprise Software as a Service (SaaS) is more secure than hosting software in your own basement. We work exclusively with our providers to keep servers and software backed up and patched up. Our software infrastructure is updated regularly with the latest security patches. Forecast runs on a dedicated network which is locked down with firewalls and carefully monitored. There's no such thing as perfect security, but we make sure to work with leading security researchers to keep up with the state of the art in web security. In short, we make sure Forecast is always up to date, so you don't have to.
We run Forecast exclusively on the most secure servers available. Data centers are monitored 24/7/365 and live up to the highest levels of software and physical security. Only authorized personnel have access to the data center, and onsite staff provide additional protection against unauthorized entry and security breaches.
Third-party security experts test Forecast on a continuous basis. Four times a year, multiple security experts assess the security state of all Forecast applications and environments. This penetration testing includes web, mobile and API coverage of OWASP top 10 security threats and application logic attacks. For our networks and infrastructure, they do external network penetration testing covering best practices (OSSTMM, SANS top 20 security controls, etc.). For our enterprise customers, we also provide a quarterly status report on all penetration testing efforts as well as an audit trail of when the last pen test was completed.
All credit card transactions are processed using secure encryption — the same level of encryption used by leading banks. The processing, transmission, and storage of card data comply with the Payment Card Industry Data Security Standards (PCI-DSS). Our payment service provider has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry. In short, Forecast lives up to the highest PCI compliance standard, and we never see (or have access to) your card data at all.
Compliance with international laws and regulations is very important to us. The GDPR (General Data Protection Regulation) is an essential piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. We fully support the GDPR and you can read more about the Forecast GDPR commitment.