The security of your data is our highest priority. We've built CaseFleet from the ground up on this principle.
Security is a top priority at CaseFleet and is considered a key part of company culture. Every single piece of CaseFleet application code, infrastructure, and operations is continually audited for its security impact.
All of CaseFleet's infrastructure is hosted on Amazon Web Services. For more information regarding their security practices, please visit their security website.
Battle Tested Frameworks
CaseFleet uses tried and true web application frameworks to ensure the integrity of communication between the client and the server. Techniques include:
When possible, data is anonymized via a UUID. By doing so, each component in the CaseFleet infrastructure is only aware of the bare minimum required to serve its purpose.
Passwords are never stored in plain text. They are all hashed before storing in the database.
Virus and Malware Scanning
All files loaded into CaseFleet are automatically scanned for viruses and malware. This helps prevent the spread of potentially harmful files in your firm.
Encryption in Transit
All external and internal communication requires encryption via TLS. All of our web servers require an SSL connection from end users in order to access the application. In addition, all communication between internal systems is required to be encrypted.
Encryption at Rest
All stored data is encrypted when written to disk. In the case of a physical security breach, the attacker would have no way of reading client data.
Virtual Private Cloud
CaseFleet infrastructure responsible for handling end-user data lives entirely within a virtual network. This network is engineered to expose only required components to the public internet. All other components require secure access via the private network.
Agile Development with Code Review
CaseFleet adheres to an agile methodology of development. All code is subject to automated testing for security and integrity. After automated testing, code is reviewed and signed off on by another engineer for security and integrity. Then the code is tested for quality in a staging environment. Only after these steps are complete is the code allowed to be released.
Backups & Recovery
All data stored within CaseFleet is automatically backed up on a daily basis and retained for an extended period of time. In the case of a disaster recovery scenario, this data can be used to restore the application back to the last known operational state.
All employees are issued a company laptop that is returned upon termination. Every employee laptop has disk encryption enabled to prevent theft from compromising the system. In addition, all engineers with production level access have a firewall enabled and network monitoring tools installed.
All access is given under the principle of least privilege. This access is revoked upon employee termination. Where available, two factor authentication is required for all work applications. This access is monitored and audited regularly.
All CaseFleet data is stored in Amazon Web Services. For more information regarding their physical security please visit their website.
The CaseFleet offices require key card access. All access is monitored via security cameras.
In addition to the security steps we have taken, every account has security features to further harden access to your data.
Two Factor Authentication
Every user account can enable two factor authentication to add an additional security layer to your account. Every time you log in, you will be prompted to enter a code from your phone in order to access your data.
Single Sign On
Enterprise plans have the option to enable single sign on via SAML2. This integration allows you to manage your users via a third party authentication provider.
Every administrator within CaseFleet can granularly control what data is visible to which users. This ensures privileged and confidential information stays that way, while allowing you to invite all of your collaborators.
Every time you log into CaseFleet, a unique "session" tied to your web browser and IP address is generated. If more than one valid sessions exist at any time, CaseFleet pushes an alert to the application notifying you of the additional login and providing an opportunity to take further steps as needed, such as adding two-factor authentication to your account.