Flexcompute, Inc Trust Guide
LAST UPDATED: APRIL 3, 2023
As a cloud simulation software provider, Flexcompute is proud to assure our customers that their data is secure and protected at all times. Our services are independently audited for SOC2 compliance to ensure the highest standards of security, integrity, availability, and privacy.
Our network is routinely subjected to penetration testing to identify and address vulnerabilities, and we restrict access to customer data to only authorized personnel. Even our employees cannot access customer data without explicit authorization.
To further protect our customers' data, we recommend that they follow best practices for password protection, regularly review and monitor their accounts, and report any suspicious activity to us. Customer data is encrypted when stored in the cloud, or transmitted to and from the cloud and that appropriate access controls are in place to restrict who can view or modify the data.
We understand the importance of our customers' data, and we're committed to maintaining the highest standards of security and compliance. Our customers can trust us to keep their data safe and secure.
Click here to speak with our security team.
REGULATORY COMPLIANCE
SOC 2
What is SOC 2? - A SOC 2 examination is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. SOC 2 reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.
A third-party auditor has found that:
- 1. The controls for Flexcompute's Simulation Platform provide assurance that Flexcompute's service commitments and system requirements would be achieved based on the applicable SOC 2 trust services criteria, and
- 2.The controls operated effectively throughout the audit period.
PRIVACY
The Flexcompute Engineer Production Access Policy ensures that only authorized personnel with a legitimate business need can access the Flexcompute environment. Access is granted only to the minimum extent necessary to perform the job function, with access approval and revocation requirements. Access to AWS Cloud Services and in-house servers is restricted, and customer data is removed permanently once computation is completed.
Also, Flexcompute's Terms & Conditions cover confidentiality and privacy policies. Confidential information is defined and protected, and access to it is limited to those who need it. Flexcompute is responsible for safeguarding the Subscriber's data, and the Recipient can disclose confidential information if compelled by law or civil proceeding but must provide prior notice. Personal information is handled in accordance with the agreement and privacy policy.
Click here to request copies of our Engineer Production Access Policy or Terms & Conditions, or to speak with our security team.
SECURITY
Flexcompute's Network Security Policy provides a comprehensive set of technical guidelines for a secure network infrastructure and covers various security measures and policies:
| Access Management | IT Asset Management | Logging and Documentation | Networking Devices | Networking Security Measures | Security Testing |
|---|---|---|---|---|---|
| Password construction | Software use policy | Log management | Networking hardware | Firewalls | Security testing (both internal and audited external) |
| Administrative access | IT asset disposal | Network documentation | Network servers | Outbound traffic filtering | Suspected security incidents |
| Manufacturer support contracts | Maintenance windows | Network compartmentalization | Intrusion detection / prevention systems | Security policy compliance | |
| Change management | Antivirus/anti-malware software | Applicability of other policies |
Click here to request a copy of our Network Security Policy or to speak with our security team.