Security

At Field Dailies, nothing is considered more important than protecting your data from unauthorized access or loss. We have woven a data-security culture into our DNA. It's manifested in the security features of our platform, the selection of our technology partners and vendors, employee training, company policies, adherence to the latest best practices and developments in the field, and vigorous testing and quality assurance practices that go into every release of our technology.

We realize that we have to work hard to deserve your trust, and we are committed to doing so. The following is an overview of our security measures. Please note that some details have been excluded in order to protect the integrity of these security solutions.

Physical Layer

Field Dailies is using Amazon Web Services (AWS) as its infrastructure provider. AWS has built a reputation for providing some of the most secure and best-run data centers in the world.

AWS is:

• SOC 1 and 2 / SSAE 16 / ISAE 3402 Certified (formerly SAS70)
• SOC 3 Certified
• ISO 27001 Security Certified
• Authorized by U.S. General Services Administration to operate at the FISMA Moderate level
• Capable of supporting Payment Card Industry (PCI) compliant applications when AWS and Field Dailies-provided security controls are used in tandem
• Field Dailies Security - SAS-70, ISO and PCI Compliance

These compliances and certifications ensure that AWS adheres to the stringent security standards that meet or exceed the requirements of some of the most sensitive data and applications.

Network and Systems Layer

Our servers and firewalls are configured to allow only the absolute minimum level of access. All unnecessary users, protocols and ports are disabled and monitored.

Operating systems and third-party software are kept current with the latest upgrades and patches recommended by their vendors.

Our databases and backups can only be accessed through trusted and secure authentication.

Human Layer

All data maintained in your Field Dailies account is owned by you. Only a few select, qualified and authorized personnel are allowed access to servers when necessary for system management, maintenance, monitoring, and backups.

We follow rigorous hiring practices and every administrative, IT, support, and sales candidate undergoes a background check.

Our support engineers may only access your account when explicitly authorized by you to resolve problems or issues reported by you or to address issues for which we are contractually authorized.

All account logins are tracked for reference.

Application Layer

The Field Dailies platform offers an extensive list of features to help you protect and secure your account, data and applications:

Account Authentication - Your account is protected by your Account ID and password.  You are advised to only access your account from trusted devices and networks. We do not store sensitive user data in cookies or utilize other high-risk user or session tracking methods.

Data Encryption - 256-bit SSL encryption for enhanced security during submission is featured for all plans. We also provide the ability to store information in an encrypted format in the database.

Data Harvesting Protection - Field Dailies provides CAPTCHA human verification security that can be added to the search forms of your apps to prevent robots from harvesting your data.