For the current version, please visit the website.
We understand that many businesses are requiring more information of their SaaS and cloud vendors than ever before. We support these efforts and we do the same of our vendors.
We have assisted customers with different attestation standards such as SOC 1, SOC 2 , SOC 3, PCI-DSS, HIPAA, and CSA Star. We are familiar with the attestation process and can provide the information customers require from their neutral third-party assessors.
Files.com has completed a SOC 2 audit. Please contact us for a copy of the completion letter from the auditing firm. If you would like to receive a copy of the full SOC 2 Type 1 report, we require that you first sign an NDA via e-signature.
We have developed a specialized team within our Customer Success team to handle these customer audit requests.
Customers on our Premier and Enterprise plans receive full access to this team at no additional charge, up to a reasonable limit per year.
For our customers on our Starter or Power plans, we encourage you to read the rest of the Security and Compliance pages on this website, as we've tried to ensure that they contain the answers to any questions your company may have.
We take our obligation to our customers even farther by actively reviewing neutral third-party security attestations of our key vendors such as Amazon Web Services (AWS). We believe in the 'trust but verify' principle when it comes to our security and compliance programs.
While this is much less common, Files.com is also willing to work with customers that require penetration tests or invasive network scanning to audit for security threats. In the past, we've passed these tests with flying colors, and are happy to coordinate with your testers.
These tests can cause network problems or congestion for our other customers, so we do ask that any customer running any penetration testing coordinate that testing with our Security team, via a request to our Customer Success team.
Files.com does engage a neutral third-party penetration testing vendor to conduct an annual penetration testing against all facets of our SaaS offering. That test includes infrastructure as well as web application penetration testing company. While this testing is not cheap, we view it as an investment in our security posture and as a critical component of protecting our customers information.
But penetration testing is not enough. We also offer a Security Bug Bounty program where we pay individuals who find issues with our systems or software and report it to our attention. Again, this as an investment in our security posture and as a critical component of protecting our customers information.
Files.com also participates in the HackerOne program that pays individuals to find bugs in our systems. HackerOne is a more formalized bug bounty program and is by invitation only.