New: Factal launches 'Incident Chat' to connect companies in proximity to the same incident

Factal
  • Why Factal?
    Overview ROI
  • Solutions
  • Partners
  • Resources
    Blog iOS app Android app Global security briefing Benchmarker newsletter Forecast newsletter Forecast podcast Debrief newsletter Climate security report
  • Company
    About us Team Work with us Code of ethics Our story Press Contact
  • Member sign in
  • Why Factal?
  • Solutions
  • Partners
Sections
  • Security compliance
  • Logging into Factal
  • Vulnerability scanning and penetration testing
  • Encryption

Security at Factal

Last updated November 7, 2023

Factal values our members' trust and takes security very seriously. This page answers some frequently asked questions about Factal's security posture.

Security compliance

What security standards does Factal follow?

As of October 2023, Factal is within the observation window for SOC 2 type II certification. We anticipate receiving our first report from our external auditor in Q1 2024.

My organization needs Factal to fill out a security questionnaire or provide documentation of Factal's policies. What should I do?

Current Factal members should contact their member success manager with any documentation requests.

Do Factal employees complete regular security training?

All Factal staff, contractors, and interns -- including our editors -- are required to complete security training and review and accept Factal's security policies annually.



Logging into Factal

Can my organization use single sign-on (SSO) to log into Factal?

Yes! Factal can integrate with your organization's Identity Provider for SSO (SAML 2.0) login capabilities. Contact your member success manager to set up an appointment with Factal's integration team.

Can users sign in with multi-factor authentication (MFA)?

Soon! Factal anticipates making MFA available for Factal.com using an authenticator app by the end of 2023. Organization administrators will be able to opt their organizations' users into MFA.

How often do I have to log back in to Factal?

Your organization admins can set when your Factal session expires in the Org/Member Settings tab under Organization Settings.



Vulnerability scanning and penetration testing

How often does Factal have penetration testing conducted?

Factal contracts with third-party testers to have penetration testing conducted at least annually. A copy of the most recent report is available upon request to members and prospective members.

How often does Factal conduct vulnerability scans?

Factal conducts vulnerability scans at least quarterly. GitHub security advisories and security scanning functionality built into Factal’s CI/CD process alert team members to vulnerabilities in software dependencies.



Encryption

How is Factal data encrypted?

Factal data is encrypted at rest and in transit. Data is secured at rest using AES-256 encryption. Data is secured in transit via TLS 1.2+. Encryption keys are managed by Heroku.



If you have any other questions, please email members@factal.com.



Facts save lives

  • Pages
  • Home
  • Why Factal?
  • Solutions
  • Partners
  • ROI
  • Member sign in
  • Resources
  • Blog
  • iOS app
  • Android app
  • Global security briefing
  • Benchmarker newsletter
  • Forecast newsletter
  • Forecast podcast
  • Debrief newsletter
  • Climate security report
  • Company
  • About us
  • Team
  • Work with us
  • Our story
  • Contact us
  • Code of ethics
  • Press
  • Security
  • Privacy policy
  • Your privacy choices
  • Terms
  • Follow us
  • Twitter
  • LinkedIn
  • Facebook
See why Factal is trusted by the world's most resilient companies

Contact us to book a time to provide a tailored demo. If you like what you see, you can take Factal for a free 30-day test drive.

We've made it fast, simple and stress-free to trial Factal — no paperwork or downloads required. Our secure, cloud-based technology can be configured in just a few minutes.


If you're an NGO, please contact us here.

Questions? Please email us at sales@factal.com

Watch a two-minute Factal demo
Get the Benchmarker newsletter every week
* indicates required
You can unsubscribe at any time via a link in each email. Here's our privacy policy.
Thank you for contacting Factal! We'll get back to you shortly.