Security Program Highlights

Data Security and Confidentiality

Fiduciary Decisions treats all client data as strictly confidential. We implement formal confidentiality policies and processes that are tested annually during an AICPA SOC2 Type 2 audit.

Fiduciary Decisions encrypts sensitive data at rest and in transit. We manage strong encryption keys and security modules in line with industry best practices, and we only use data centers within the United States.

Application Security

Fiduciary Decisions regularly engages independent security firms to perform third-party penetration tests of our production and test environments. Internally, we use OWASP ZAP for routine dynamic application security testing.

Fiduciary Decisions also uses static analysis (Brakeman) and automated dependency vulnerability scanning (GitHub Dependabot) to secure our product at every step of the development process.
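As an illustration of how tooling of this kind is wired into a development pipeline (an added example, not Fiduciary Decisions' own configuration), the GitHub Actions workflow below runs Brakeman on every push and pull request and then a ZAP baseline scan against a running test deployment; the second YAML document, after the `---` separator, is the matching Dependabot configuration. The repository layout (a Gemfile at the root), the `TEST_ENV_URL` secret and the action version tags are assumptions.

```yaml
# .github/workflows/appsec.yml  (illustrative example, not the vendor's own pipeline)
name: Application security checks

on:
  push:
    branches: [main]
  pull_request:

jobs:
  brakeman:
    # Static analysis of the code base on every change (assumes a Gemfile at the repo root)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - name: Run Brakeman
        # --exit-on-warn fails the job when any warning is reported;
        # -q suppresses the progress banner, -f json writes a machine-readable report
        run: |
          gem install brakeman
          brakeman --no-pager -q --exit-on-warn -f json -o brakeman-report.json
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: brakeman-report
          path: brakeman-report.json

  zap-baseline:
    # Passive DAST scan of a running test environment; TEST_ENV_URL is an assumed repository secret
    runs-on: ubuntu-latest
    needs: brakeman
    steps:
      - uses: zaproxy/action-baseline@v0.12.0
        with:
          target: ${{ secrets.TEST_ENV_URL }}
          fail_action: true
---
# .github/dependabot.yml: weekly vulnerability checks and update pull requests for Gemfile dependencies
version: 2
updates:
  - package-ecosystem: "bundler"
    directory: "/"
    schedule:
      interval: "weekly"
```

The ZAP baseline scan is passive only (it spiders and inspects responses without attacking), so it is safe to point at a shared test environment; a full active scan belongs in a dedicated job against an isolated deployment.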

Infrastructure Security

Fiduciary Decisions uses Amazon Web Services to host our application. We make full use of the security products embedded within the AWS ecosystem, including Systems Manager Parameter Store for secrets and configuration, GuardDuty for threat detection, and Inspector for vulnerability scanning.

In addition, we deploy our application using containers run on AWS managed services, meaning we do not manage servers or EC2 instances to host our production portal.

Security Audits

Fiduciary Decisions had its first successful AICPA SOC2 Type 1 audit conducted in 2018, and currently has annual AICPA SOC2 Type 2 audits (Trust Services Criteria: Security, Confidentiality, and Availability) conducted as evidence that we maintain a high standard of internal security controls.

Last updated: September 29, 2023