We understand that many businesses are requiring more information of their SaaS and cloud vendors than ever before. We support these efforts and we do the same of our vendors.
We have assisted customers with different attestation standards such as SOC 1, SOC 2 , SOC 3, PCI-DSS, HIPAA, CSA Star and ISO 27001. We are familiar with the attestation process and can provide the information customers require from their neutral third-party assessors.
Action Verb is currently undergoing a SOC 2 audit engagement ourselves. Once completed, customers will be able to utilize our SOC 2 report. We estimate that we will have this report complete within 1-2 quarters. We are also able to provide an engagement letter now so you know that we are in process.
We have developed a specialized team within our Customer Success team to handle these customer audit requests.
Customers on our Enterprise Premier plan receive full access to this team at no additional charge, up to a reasonable limit per year.
Customers on our Enterprise team receive access to this team for initial onboarding, up to a reasonable limit.
For our customers on our Small Business or Business plans, we encourage you to read the rest of the Security and Compliance pages on this website, as we’ve tried to ensure that they contain the answers to any questions your company may have.
We take our obligation to our customers even farther by actively reviewing neutral third-party security attestations of our key vendors such as Amazon Web Services (AWS). We believe in the ‘trust but verify’ principle when it comes to our security and compliance programs.
Penetration Testing and Other Invasive Testing
While this is much less common, Files.com is also willing to work with customers that require penetration tests or invasive network scanning to audit for security threats. In the past, we’ve passed these tests with flying colors, and are happy to coordinate with your testers.
These tests can cause network problems or congestion for our other customers, so we do ask that any customer running any penetration testing coordinate that testing with our Security team, via a request to our Customer Success team.
Files.com does engage a neutral third-party penetration testing vendor to conduct an annual penetration testing against all facets of our SaaS offering. That test includes infrastructure as well as web application penetration testing company. While this testing is not cheap, we view it as an investment in our security posture and as a critical component of protecting our customers information.
But penetration testing is not enough. We also offer a Security Bug Bounty program where we pay individuals who find issues with our systems or software and report it to our attention. Again, this as an investment in our security posture and as a critical component of protecting our customers information.
Files.com also participates in the HackerOne program that pays individuals to find bugs in our systems. HackerOne is a more formalized bug bounty program and is by invitation only.