We don’t want you to just take our word for it when we say your data is secure, we want you to understand exactly how, so we decided to dedicate an entire page for you just on this.
When you use our services, you’re trusting us with your information. We understand that this is a big responsibility and we work incredibly hard to protect your data. The information you store while using our services is always encrypted, and only you can decrypt it.
myFRP does not have access to your password or your data. We designed our services to protect both, and we work with various organisations and security experts to make sure our services are rock solid.
We can’t see your data, even in case of a data breach! We can’t use it, share it, or sell it. We partner with Microsoft Azure as our Cloud storage provider; the world's best.
Azure has thousands of people keeping it safe. That's why it's used by governments and banks around the world.
An incredible amount of funding and resourcing goes into Azure security to keep it safe.
No other Cloud storage provider in the world has as many strict compliance certificates as Azure.
The 'Cloud' is where we store your data when you enter it into your account. Strangely, it has nothing to do with the fluffy floaty things in the sky.
The Cloud is a secured physical location where data can be saved, usually away from unauthorized personnel. These are physical, highly secured locations. Typically, tall fences made of steel and concrete encompass every inch of the perimeter. There are cameras around the locations, with a security team monitoring their videos at all times. Regular people can’t visit these locations, you must have a valid reason, and you must register your visit in advance and will need to use biometric identification to move around the site, with the security team actively monitoring you and asking you to go through scanners as you move around.
In other words, your data is safer here than on your own stealable laptop.
We use two-factor authentication to make sure your account is as secure as possible and to ensure it is always only you accessing your information.
By enabling two-factor authentication, it makes it near impossible for attackers to access your account as it means they would not only need your username and password, but also a unique code that’s sent to you each time you attempt to login. We pride ourselves on keeping your sensitive information super secure, and without two-factor authentication, we wouldn’t be keeping our promise.
We've approved a range of options for you to choose from in order to verify it's you signing into your account. You can either select a security question, email authentication, Okta verify, Google Authenticator, SMS verification or voice authentication. You only need to pick one, so choose whatever suits you best. To learn more about all of the multi-factor authentication options supported by myFRP, just click here.
We comply with the most stringent industry standards for data confidentiality, integrity, and availability. Our information security management system meets and exceeds the high standards set by ISO 27001:2013 standard. We are also Cyber Essentials and Payment Card Industry Data Security Standard (PCI DSS) compliant and certified.
Apart from your username and password, you’ll need a unique code that’ll be emailed to you every time you try to sign in. This is called Multi-Factor Authentication (MFA) and it makes sure it’s really you.
When you’re typing away and your data is being sent to your account, there is a secure virtual tunnel put in-between your computer and the Cloud. This means nobody can see it in transit. This is called Transport Layer Security (TLS).
All the things you save will be scrambled up and will only re-order themselves when you securely log-in. This means your data makes absolutely no sense without your authentication. This is called encryption.
Our services are reviewed by multiple independent security firms who are CREST and NCSC Certified who provide penetration testing against services provided by us, secure code review and continuous vulnerability management. We’ve implemented a mixture of cyber security and encryption controls, and some of our core controls are:
• Multi-Factor Authentication (MFA) across all systems.
• Encryption of data at rest and in transit.
• Technical Assessment of our systems for vulnerabilities and configuration weaknesses.
• Secure Development within a secure development environment, continuous security testing by experienced developers with experience on secure coding practise.
• Controlled Access to only approved individuals (deny all access by default).
• Screening of all employees to a minimum of the Baseline Personnel Security Standard (BPSS).
• Data Classification and Handling training for all employees.
• Policies and Procedures on secure operations and configuration of systems.