To report a security incident, please get in touch with us at security@fusion-reactor.com.
FusionReactor Security Compliance
1. Security Overview
Before going any further, please review our Privacy Policy and EULA so you can understand how we use your data.
We take information security very seriously and use information security best practices across the entire stack, from infrastructure to code, to ensure that your data is as safe as possible.
2. Product Overview
FusionReactor provides real-time visibility and alerting of application performance issues and can be effectively used across the whole Software Development Life Cycle. Thousands of customers trust FusionReactor to monitor their applications, enabling them to identify and respond faster to performance and stability problems. FusionReactor’s aim is to ensure applications run at peak operational and business performance.
FusionReactor works like this:
- A customer has an application they want to monitor, so they install the “FusionReactor Agent”.
- The customer can then get insight into their application. Data can stay local or, in addition, be sent to our SaaS service, FusionReactor Cloud.
- If the customer has signed up for FusionReactor Cloud, the FusionReactor Agent will send performance metrics to the FusionReactor Cloud service.
- The FusionReactor Service aggregates and stores the application performance data in our secure data center hosted on AWS.
3. Security Training Policy
Our employees are required to conduct themselves in a manner consistent with the company’s guidelines, including those regarding confidentiality, business ethics, appropriate usage, and professional standards. All newly hired employees are required to sign confidentiality agreements and to acknowledge the Intergral code of conduct policy. The code outlines the company’s expectation that every employee will conduct business lawfully, ethically, with integrity, and with respect for each other and the company’s users, partners, and competitors. Processes and procedures are in place to address employees who are on-boarded and off-boarded from the company.
Employees are provided with security training as part of new hire orientation.
Processes
We only process data that we require and that is necessary for us to conduct business. All personal data processing is dealt with in a GDPR-compliant manner. For more information on how we process data, please see our privacy policy.
4. Technology
Data Center (AWS)
FusionReactor’s servers, applications, datastores and services are hosted on the AWS (Amazon Web Services) platform in facilities compliant with leading security standards including PCI DSS Level 1, ISO27001, ISO27018, ISO 9001, SOC1, SOC2, SOC3 and many more. For more details, please see the AWS compliance programs and the AWS Security Whitepaper.
5. Certifications and Standards
ISO 27001 – Our data center and payment providers are all ISO 27001 compliant.
SOC 2 – Intergral Information Systems GmbH (the makers of FusionReactor) is SOC2 Type 2 compliant. Our data center and payment providers are also SOC 2 compliant. Visit our SOC 2 page or visit our Trust Centre.
PCI – We are PCI certified to take credit card payments and the associated data. We follow PCI best practices with regard to the encryption and transmission of credit card information and do not store this information on our servers.
Our data center, identity management and payment providers are all PCI DSS Level 1 certified.
HIPAA – FusionReactor is designed to be functional and secure, but not specifically for compliance with HIPAA regulations. There is overlap between our security and HIPAA’s requirements, but not complete overlap. Since we have no way to determine if your application data contains PII, we have to place the responsibility on you. This means that it is not feasible for us to take legal responsibility for your PII and we cannot sign a BAA.
If HIPAA compliance is a requirement, please consider carefully if FusionReactor is an appropriate service. We’d be happy to talk in more detail if you have questions about the possibility of using FusionReactor safely in a HIPAA-covered environment. Notably, if the focus is on application behavior and performance and data has been de-identified or anonymized, HIPAA compliance may not be required and FusionReactor may be able to serve your needs.
General Data Protection Regulation (GDPR)
We are GDPR compliant. See our GDPR page for more information about the steps we’ve taken to reach compliance as well as resources for understanding GDPR.