Security and Trust

Join the remote work revolution.
Remote work is here to stay. Firstbase helps you create better experiences and deliver a higher quality of life for your people.

At Firstbase, we have a security-first approach. As keepers of our clients' sensitive data, we know your trust is imperative. Our comprehensive approach means you can have peace of mind knowing that your data is safe with Firstbase.

Security Compliance

Firstbase currently holds an AICPA SOC 2 Type II report. This report covers a number of security-related control objectives, including: Secure Development Management, Change Management, Human Resource Security, Data Management, 3rd Party Risk Management, BCDR Management, Risk Management, Physical Security, and Technology / Security Ops Management.


For more information about our security controls and to request access to our SOC 2 report and policies, please visit our Trust Report page.



Security Testing of Controls

Firstbase undergoes regular third-party penetration testing to ensure the integrity of our application. Our dedicated security team also performs ongoing internal security reviews and vulnerability assessments to keep us compliant with the highest security standards.


Platform Security

Firstbase employs robust technical security safeguards to protect data and systems. All data is encrypted in transit using SSL/TLS and at rest using the industry-standard AES-256 encryption algorithm. A Web Application Firewall (WAF) is also implemented to further enhance security by protecting APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. Access to client data is protected by two-factor authentication and restricted based on roles designed for segregation of duties and need-to-know access control principles.
