Information Security Program

Files.com maintains an Information Security Program (InfoSec) that governs both our platform and our internal company operations. The program is built on the SSAE-18 SOC 2 Trust Services Criteria and the COBIT 5 Framework, and is reviewed continuously against evolving security and compliance requirements.

We have completed multiple SOC 2 Type II audits with independent auditor Kirkpatrick Price. The latest report is available to customers and qualified prospects under NDA.

Core Objectives

The InfoSec Program supports:

  • Business objectives and operational integrity
  • Security requirements, including identity and access management (IAM), encryption, and continuous monitoring
  • Regulatory and compliance obligations across multiple jurisdictions

Governance and Oversight

The program is reviewed as part of our annual SOC 2 audit cycle.

A dedicated Security Team, led by Chief Information Security Officer Sean E. Smith (HCISPP, CISM, CISSP), oversees the program.

Our CISO and General Counsel attend continuing education programs on a regular basis so that legal, regulatory, and contractual obligations remain current.

Roles and Responsibilities

Security roles and responsibilities are defined and assigned across the company.

The Security Team works with stakeholders across engineering, operations, and customer support to maintain program integrity, and participates in all major architectural reviews and project planning efforts.

Internal Security Policies and Documentation

Files.com maintains an extensive library of internal security documentation, including policies, procedures, standards, and guidelines that govern our operations. This documentation is proprietary and not shared externally. It is reviewed annually and audited as part of our SOC 2 compliance process.

Key coverage areas include:

  • Access and identity management
  • Asset and inventory control
  • Business continuity and disaster recovery
  • Change management
  • Data classification, retention, and encryption
  • Incident response and vulnerability management
  • Risk management and third-party oversight

Documents are updated immediately when changes are required, and the updates are communicated internally as part of our governance cycle.

Training

All employees and contractors complete mandatory onboarding training covering:

  • The Information Security Program
  • Acceptable Use Policy
  • Work From Home Policy
  • Privacy and Data Protection
  • Data Breach
  • Social Engineering

Annual refresher training is required for all staff, and role-specific security training is provided as needed.

Asset Inventory Review

We conduct a quarterly asset inventory review as part of our Risk Management Program, covering both software and hardware asset listings.

Customer Access to Security Information

Proprietary internal security documentation is not shared externally. Customers may request our most recent SOC 2 Type II report under NDA.