Security & Compliance at FWI

Learn about FWI's data security posture.

A breach in any of your systems could provide a window of opportunity for a malicious actor or hacker to gain unauthorized access into your company’s environment.

Even a small lapse in your company’s security posture can expose anything from passwords to confidential company data, to personally identifying and financial information. That’s why FWI puts security and compliance at the forefront of everything we do. FWI’s Security, Cloud Operations, and Development teams work together to ensure the platform that powers digital signage networks for thousands of leading companies remains secure in a world where data breaches are becoming more commonplace.

FWI’s product offerings are backed by a full set of information security policies and procedures that include, but are not limited to, incident response, Secure Software Development Lifecycle (SSDLC), cryptographic security, change management, and access control. FWI leverages the NIST and ISO 27001 security frameworks for the basis of its security program and high-level policies. This approach helps ensure the security of FWI’s solution, and that the services provided by FWI meet or exceed regulatory and contractual obligations. Additionally, FWI uses the SOC 2 reporting framework to audit its security program and is compliant with GDPR privacy and security standards.

Highlights of FWI’s Security Posture

  • Data encryption in transit using TLS over HTTPS, ensuring the protection of your data while traversing public networks
  • Data encryption at rest using AES-256, keeping data in storage secure
  • Physical security protection leveraging Amazon AWS environments
  • Options for Integrated Authentication using Okta as FWI’s IdP¡Customer-specific encryption keys, bolstering logical separation of FWI customer data and providing a mechanism to ensure secure deletion of your data
""

SOC 2

FWI uses industry recognized third-party auditors to review and assess FWI’s security program and operational performance, resulting in the issuance of a SOC 2 Type II audit report for in-scope services. FWI provides reasonable assurance that service commitments and system requirements were achieved by testing against the SSAE18 security, availability, and confidentiality trust principles. FWI’s SOC 2 Type II report is disclosable under NDA or an active agreement.

GDPR & CCPA

FWI maintains a mature privacy program which includes ongoing reviews of applicable privacy laws both domestic and international so FWI can keep its products and privacy program up-to-date and in compliance with regulations that both impact FWI and its customers. As part of FWI’s privacy program, FWI has incorporated privacy principles such as “Privacy by Design” into our SSDLC and the result is a highly secure offering that includes but is not limited to data protection impact assessments, quarterly audits, ongoing vulnerability management, and secure deletion of customer data. All data is encrypted at rest and in transit, and keys used for data storage are generated and stored using Amazon KMS. If you have questions regarding FWI’s usage of personal data, please reference our Privacy Policy.

Your Data Matters

It’s important to FWI that your data is protected. As a data processor, we implement industry accepted best practices to secure your data and to ensure compliance with privacy regulations around the world. Through FWI’s rigorous security processes, adoption of industry accepted security frameworks, and use of advanced technology, FWI ensures your signs display what you want, when you want it. FWI boasts a 99.9% uptime to make sure your content is available when you need it the most.

Have more questions or would like to see our supporting documentation and attestations? Please email security@fourwindsinteractive.com.

Other Content You Might Be Interested In

Liked what you read? Check out some of our other articles—covering a variety of topics—to learn more about digital signage, omnichannel communications, and space management.

Ready to learn more?