Security Program Highlights
Data Security
Fiduciary Decisions encrypts data at rest and in transit for all of our customers. We manage strong encryption keys and security modules in line with industry best practices, and we only use data centers within the United States.
Application Security
Fiduciary Decisions regularly engages security experts for third-party penetration tests of our production and test environments. Internally, we regularly use OWASP ZAP to perform application security testing.
Fiduciary Decisions also uses high-quality static analysis tooling such as Brakeman and GitHub Dependabot to secure our product at every step of the development process.
Infrastructure Security
Fiduciary Decisions uses Amazon Web Services to host our application. We make full use of the security products embedded within the AWS ecosystem, including Parameter Store, GuardDuty, and Inspector.
In addition, we deploy our application using containers run on AWS managed services, meaning we do not manage servers or EC2 instances to host our production portal.
Security Audits
Fiduciary Decisions had its first successful AICPA SOC2 Type 1 audit conducted in 2018, and currently has annual AICPA SOC2 Type 2 audits conducted as evidence that we maintain a high standard of internal security controls.
Last updated: January 25, 2023