Your Hub for Security and Transparency
The Trust Center showcases our security certifications, demonstrating our commitment to data protection and industry standards compliance.
FraudNet operates on, and believes in, extreme trust principles. Customer trust is of paramount importance to us. To that end, all customer data stored by FraudNet is protected by industry best practices that are continuously monitored and carry strong administrative and operational procedures.
To achieve the high levels of data protection required by our customers, FraudNet maintains a robust and comprehensive multi-level security environment which is mapped against the highest levels of industry compliance. We are a 100% cloud-born service provider encompassing highly sensitive data sets. Therefore, our security measures are also heightened to meet the sensitivity of the data.

Featured Documents
Access Control
Access Management Policy
A formal access management policy defines control standards, a user provisioning framework, and principles for granting access.
Zero Trust Architecture
Criticality tiers are designated based on a Zero Trust Model, enforcing multi-factor authentication (MFA) for higher-tier services.
Role-Based Provisioning
Access to systems, applications, and infrastructure is provisioned based on job roles and the least privilege principle.
Role-Based Access Controls
Strict role-based access controls (RBAC) ensure staff access customer data only on a need-to-know basis.
Segregation of Duties
Policies address segregation of duties, including access control reviews, HR-managed security groups, and workflow controls.
Management Approvals and Reviews
Access rights are approved by management and reviewed regularly based on data classification levels.
Technical Controls
VPN and MFA are used for secure access, aligned with the Zero Trust Model architecture.
Device Management
Centrally managed mobile device management (MDM) ensures posture checks, lockout periods, and endpoint security.
Awareness & Training
Comprehensive Training Programs
Security, privacy, and compliance training is conducted at induction and annually in various formats.
Role-Specific Training
Employees with elevated privileges receive targeted training to address specific risks.
Training Records and Reminders
Training records are maintained in a learning management system with automated reminders for deadlines.
Continuous Security Awareness
Contractors and partners are included in regular awareness activities addressing current threats and best practices.
Secure Coding Training
Security champions embedded in engineering teams conduct secure coding workshops.
Audit and Accountability
Logging Standards
Logging standards are reviewed annually and approved by senior management.
Centralized Log Management
Logs are securely forwarded to a centralized platform with read-only access.
Security Audit Log Monitoring
Logs are monitored for unusual activity, and anomalies are reviewed and addressed.
Scope Updates
Logging scope is regularly updated to reflect system changes and new features.
Reliable Timekeeping
Time sync services ensure accurate and reliable timestamps across all instances.
Assessment, Authorization, and Monitoring
Policy and Audit Management
Policies are reviewed annually, and audits are planned to assess security controls.
Internal and External Audits
Both internal and independent audits evaluate compliance with standards like PCI DSS and SOC 2.
Nonconformity Remediation
Audit findings are systematically addressed with documented root-cause analysis and corrective actions.
Penetration Testing
Annual penetration tests to proactively identify vulnerabilities.
Continuous Vulnerability Scanning
Vulnerabilities are remediated promptly according to company policy.
Configuration Management
Change Management Policies
Policies address risk management for asset changes, encryption, and cryptography.
Baseline Standards
Configuration baselines require documented testing and multiple approvals before implementation.
Green Build Process
Peer reviews and automated testing ensure quality for production code and infrastructure changes.
Emergency Changes
Post-implementation testing and approval processes govern emergency changes.
Intrusion Detection Systems
Automated systems manage and protect against unauthorized changes.
Asset Management
Physical and logical assets are meticulously tracked and reviewed annually.
Contingency Planning
BCDR Plans
Plans define recovery time objectives (RTOs) and recovery point objectives (RPOs).
Geographic Diversity
Operations leverage a global workforce and redundant cloud infrastructure.
Resilience Controls
Daily backups, annual restoration testing, and alternative storage sites bolster resilience.
Disaster Recovery Testing
Quarterly tests and analyses ensure continuous improvement in response strategies.
Identification and Authentication
Unique Employee Identification
Employees are uniquely identified using Active Directory and single sign-on (SSO).
Multi-Factor Authentication (MFA)
MFA is mandatory for VPNs and critical application access.
Password Policies
Passwords comply with NIST 800-63B guidelines, focusing on secure creation and management.
Security Incident Response
Incident Response Plans
Plans focus on preparedness, containment, eradication, and recovery.
Cross-Functional Teams
Dedicated teams ensure effective communication and collaboration during incidents.
Post-Incident Reviews
High-severity incidents undergo detailed root cause analysis and systemic improvements.
Maintenance
Regular Infrastructure Tests
Infrastructure is tested regularly for availability and reliability.
Continuous Updates
Measures in other sections (e.g., contingency planning) reinforce system effectiveness.
Media Protection
Secure Infrastructure
Reliable third-party providers (e.g., AWS) sanitize and encrypt hardware.
Bring Your Own Device (BYOD) Policy
Secure and compliant devices are required to access sensitive data.
Planning
Regulatory Monitoring
Legal and compliance teams track and document regulatory obligations.
Personnel Security
Background Checks
Pre-hire background checks are conducted to the extent permissible by law.
Onboarding and Offboarding
Processes include confidentiality agreements and automatic de-provisioning of access upon exit.
Risk Assessment
Risk Management Program
Continuous risk assessments identify, evaluate, and address risks.
System & Services Acquisition
Secure SDLC
An agile software development lifecycle (SDLC) ensures adaptability and efficiency.
System and Communications Protection
Encryption
Customer data is encrypted at rest and in transit using industry-standard methods (e.g., TLS 1.2+).
Supply Chain Risk Management
Vendor Risk Management
A formal framework ensures suppliers adhere to strict security and confidentiality standards.
Answers to Your Cybersecurity Questions
Find clear and concise answers to common questions about our services, security practices, and how we protect your business.
1. What is your approach to access control?
We follow a formal Access Management Policy based on the Zero Trust Architecture. This includes multi-factor authentication (MFA) for critical systems, strict Role-Based Access Controls (RBAC), and the principle of least privilege. Access rights are reviewed regularly and approved by management to ensure compliance with data classification policies.
2. How do you ensure employees are trained on security best practices?
We provide comprehensive training programs covering security, privacy, and compliance topics during onboarding and annually thereafter. Employees in sensitive roles receive role-specific training. Training records are maintained, and automated reminders ensure timely completion. Security awareness extends to contractors and partners to address emerging threats.
3. What mechanisms do you have for auditing and accountability?
We implement centralized log management with read-only access and monitor logs for anomalies. Logs are reviewed regularly as part of our logging standards, which are updated annually. Internal and external audits, including penetration tests, assess compliance with frameworks like PCI DSS and SOC 2. Findings are remediated through root-cause analysis and corrective actions.
4. How do you manage changes to your systems and configurations?
We enforce strict change management policies, requiring documented risk assessments, testing, and approvals for changes. Our baseline standards ensure secure configurations, while emergency changes undergo post-implementation reviews. Automated intrusion detection systems protect against unauthorized changes.
5. What is your disaster recovery and business continuity strategy?
Our BCDR plans define recovery time objectives (RTOs) and recovery point objectives (RPOs). We utilize geographically diverse cloud infrastructure and perform daily backups with annual restoration testing. Quarterly disaster recovery tests ensure continuous improvement in resilience and response strategies.
6. What identification and authentication methods do you use?
We require unique employee identification through Active Directory and single sign-on (SSO). MFA is mandatory for VPNs and critical application access. Passwords adhere to NIST 800-63B guidelines for secure creation and management.
7. How do you handle security incidents?
Our Incident Response Plans focus on containment, eradication, and recovery. Cross-functional teams ensure collaboration during incidents. Post-incident reviews are conducted for high-severity incidents, including detailed root-cause analysis and systemic improvements.
8. What encryption standards do you use for data protection?
We encrypt customer data at rest and in transit using industry-standard protocols, such as TLS 1.2+. Our secure infrastructure, provided by reliable third-party vendors like AWS, ensures consistent application of encryption and security measures.
9. How do you assess and manage risks in your supply chain?
We adhere to a Vendor Risk Management framework that ensures suppliers comply with strict security and confidentiality requirements. This includes regular assessments and monitoring to mitigate supply chain risks.
10. How do you ensure secure software development practices?
We follow a secure software development lifecycle (SDLC) aligned with agile principles. Peer reviews, automated testing, and configuration management ensure the security and quality of production code. Additionally, secure coding training is conducted for engineering teams.