we care about your information security
At gofor, we understand our customers’ need to know their data is secure. We’re committed to building trust with our customers, and we’re constantly working to align our data privacy practices with the latest security and compliance standards.
GoFor SOC 2 Compliance Program
GoFor policies, procedures and controls are developed to meet the Service Organization Controls (SOC) standards established by the American Institute of Certified Public Accountants (AICPA). Current attestation scope includes Security, Confidentiality and Availability Trust Service Principals (TSP).
Security
GoFor is resolved to continually improve its compliance program to meet or surpass SOC 2 requirements for secure infrastructure and product development.
We employ comprehensive, active technologies and practices to monitor our platform, detect, deflect, and prevent intrusion, unauthorized access and cyber security threats.
GoFor employs continuous and regularly scheduled vulnerability assessments at the infrastructure, database and application levels.
GoFor undergoes internal and external 3rd party penetration testing for infrastructure and applications.
Availability
All GoFor solutions are housed exclusively on SOC 2 compliant networks and infrastructure. Selected vendors meet GoFor’s stringent requirements for geo-redundant, highly available service.
GoFor solution health and availability are diligently monitored around the clock by dedicated staff.
GoFor backup, disaster recovery, and business continuity policies, plans and geo-redundant solutions are tested and improved regularly.
We continuously assess and act to meet availability requirements, and capacity planning is conducted quarterly based on observed metrics and forecasted growth.
Confidentiality
GoFor employs the latest TLS encryption for all data in transit. TLS 1.2 and 1.3 are supported.
GoFor utilizes encryption at rest for all confidential infrastructure, database, application and backup data.
GoFor employs data classification and data protection policies, procedures and tools to protect confidential and restricted information.
Retention policies, procedures and automated data protection tools are deployed to ensure confidential and restricted information are safeguarded from loss and unauthorized access.
Data security is a top priority for gofor, and we’re committed to attaining and maintaining the highest standards. That’s why our SOC 2 compliance program is so important to us. It validates our disciplined approach to data privacy and security.
Michael Avery, VP Information services and security