- Crossfire’s web applications use encrypted communication
- Crossfire’s APIs use industry-standard authentication
- Crossfire offers secure options for data exchange, including SSH tunnels and SSL/TLS encryption.
- Crossfire’s integrations use the minimum permissions required to access the data they need.
- Crossfire’s servers are hosted in Amazon Web Services, which provides assurances for their physical and virtualized computing environments including SOC 1, 2, and 3, and ISO/IEC 27001.
- Crossfire operates within an Amazon Virtual Private Cloud (VPC), with subnets segregated by security level, and firewalls configured to restrict network access.
- Crossfire performs frequent pen testing and regular security updates.
- All staff are trained in keeping data safe, and Crossfire mandates policies that protect data
- We monitor application logs, system logs, and data access logs for unusual behaviour and have alerts in place based on these monitors
- All staff are background checked
- Our extensive security policy documents our procedures for handling incidents, which includes notifying our customers in the event of a verified breach.
- All passwords and access tokens are encrypted
- All non-essential data is removed after 90 days
While we continuously focus on doing our part to maintain high standards for security and to comply with regulations, you also have a role to play in helping to ensure the security of your data. Crossfire is a data connectivity tool: our customers connect to a number of organisations, and other parties are responsible for their own data security.
Compliance and Regulations
We are an independently audited and certified ISO 27001 organisation. This provides an industry-wide understanding that a company adheres to trusted security principles.
For details of our ISO 27001 certification, please contact us.
We comply with the European Union’s General Data Protection Regulation, which governs data protection and privacy for all individual citizens of the European Union and the European Economic Area.
We have incident response policies and procedures to address service availability, integrity, security, privacy, and confidentiality issues. As part of our incident response procedures, we have trained our teams to:
- Promptly respond to alerts of potential incidents
- Determine the severity of the incident
- Analyze and assess the extent of the incident
- If necessary, execute mitigation and containment measures
- Communicate with relevant internal and external stakeholders, including notifying affected customers so as to comply with relevant laws and regulations and meet contractual obligations around breach or incident notifications
- Gather and preserve evidence for investigative efforts