Facctum recognises that the confidentiality, integrity and availability of information and data created, maintained and hosted by us are vital to the success of the business and the privacy of our partners.
As a service provider/product, we understand the importance of providing clear information about our security practices, tools, resources and responsibilities within Facctum so that our customers can feel confident in choosing us as a trusted provider.
This Security Posture highlights high-level details about our steps to identify and mitigate risks, implement best practices, and continuously develop ways to improve.
Founded in 2021
Here are the controls implemented at Facctum to ensure compliance, as a part of our security program.
Production System User Review
Situational Awareness For Incidents
Log Privileged Operations
Identity Validation
Termination of Employment
Production Databases Access Restriction
Multi-factor Authentication
User Privileges Reviews
User Access Reviews
Encrypting Data At Rest
Data Backups
Choice & Consent
Data Subject Access
Physical Security
Impact analysis
Limit Network Connections
External System Connections
Transmission Confidentiality
Anomalous Behavior
Capacity & Performance Management
Cloud Provider Requirements
Centralized Collection of Security Event Logs
Conspicuous Link To Privacy Notice
Secure system modification
Approval of Changes
Testing of changes
Unauthorized Activities
Regression Testing
Malicious Code Protection (Anti-Malware)
Full Device or Container-based Encryption
Endpoint Security Validation
Session Lock
Endpoints Encryption
Code of Business Conduct
Organizational Structure
Roles & Responsibilities
Competency Screening
Personnel Screening
New Hire Policy Acknowledgement
Security & Privacy Awareness
Performance Review
Periodic Policy Acknowledgement
Risk Assessment
Third-Party Criticality Assessments
Internal Audit using Sprinto
Management Review of Org Chart
Management Review of Risks
Management Review of Third-Party Risks
Segregates Roles and Responsibilities
Subprocessor Requirements
Data Protection Impact Assessment (DPIA)
EU Representative
Testing
Customer Obligations
Retention of Policies
UK Representative
Asset Ownership Assignment
Incident Management by Service Providers
Validate Security Controls
Review of Third-Party Services
Infosec training ack
New Hire Security & Privacy Training Records
Periodic Security & Privacy Training Records
Inventory of Endpoint Assets