FourCore
Security and Compliance
FourCore's platform is built on a strong foundation of security that keeps the platform secure while helping security teams enable their own security and compliance.
The FourCore ATTACK platform is purpose-built for adversary emulation based on fundamental principles of security and privacy.
FourCore prioritizes customer privacy and data security through comprehensive employee training and robust accountability measures.
FourCore maintains ISO 27001:2022 certification, ensuring our commitment to protecting customer data.
ISO 27001 is a leading information security standard detailing how an organization should manage its Information Security Management System (ISMS). FourCore is audited and certified by an independent body in compliance with ISO standards.
STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM).
FourCore hosts Service Data primarily in AWS data centres that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. AWS on-site security includes a number of features such as security guards, fencing, security feeds, intrusion detection technology and other security measures. FourCore leverages AWS data centres in India and the Middle East (UAE).
All communications with FourCore UI and APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and FourCore is secure during transit. Exceptions for encryption may include use of any other third-party app, integration or service subscribers may choose to leverage at their own discretion.
Testing and staging environments are logically separated from the Production environment. No real data is used in development or test environments. The FourCore team reviews and tests all product features and attack simulations before production release.
FourCore utilizes third-party code and library scanning tools to monitor vulnerabilities in third-party dependencies to identify and manage issues in development.
FourCore enforces two-factor authentication (2FA) for all employees, internally and externally. Customers can choose between 2FA enforcement or SSO.
Access to data within FourCore products is governed by role-based access control (RBAC) and can be configured to define granular access privileges. FourCore supports various permission levels for users (Administrators, Regular User, Read-Only).
In addition to extensive internal and external testing, FourCore employs third-party security experts to perform detailed penetration tests on FourCore products at least annually.
Our Responsible Disclosure Program gives security researchers, as well as customers, an avenue for safely testing and notifying FourCore of security vulnerabilities through our partnership with BugBase.
All employees are provided ongoing security awareness training. The security team provides phishing campaign tests and security awareness updates.
All new hires are required to sign non-disclosure and confidentiality agreements.