Our approach to security
Discover how Fingercheck safeguards your information
Fingercheck is SOC 2 compliant and safeguards your information at every step of the way
As your trusted all-in-one platform for payroll, HR & benefits, Fingercheck understands the paramount importance of data security. We prioritize protecting your sensitive personal information, ensuring your peace of mind.
Rest assured, your data is in safe hands with Fingercheck. We employ rigorous security measures to maintain absolute confidentiality. From advanced encryption protocols to regular security audits, we leave no stone unturned in safeguarding your valuable data.
Our commitment to data security
Whether it's data transmission, storage, or access control, we employ industry-leading practices to ensure your information remains private and protected – here's how:
SOC 2 Compliant
Fingercheck is SOC 2 compliant and has been audited by an independent third party to achieve this status. SOC 2 compliance ensures that our systems, policies, and procedures have undergone rigorous scrutiny and testing to safeguard your data from unauthorized access, data breaches, and other security risks. When you choose Fingercheck, you can trust that our platform meets the highest security and confidentiality standards.
Two-Factor Authentication (2FA)
Fingercheck provides all users the option of securing their account using Two-Factor Authentication. Two-Factor Authentication helps by requiring a user to enter a randomly generated code that comes to them via secure email when logging in to the platform, along with their account password. This protects the user by adding another layer of identity confirmation, in the unfortunate case of a user’s password or username falling into the wrong hands.
Ownership of Data
In order for us to provide some of our services, we need to be able to access your company’s payroll and HR-related records, as well as accounts from other third-party institutions.
Know that you can stop using Fingercheck at any time for any reason. Upon written request, we can disable any access to all company data, and all employee data within our records. Should you need it, your data can be made temporarily available again by written request.
Audit Logging
All changes to data within Fingercheck are logged to assist with any necessary troubleshooting or investigations. These audit trails are readily accessible to all administrative users directly within the interface.
Employee Access
Fingercheck’s HR policies limit access to your and your employees’ personal information strictly to trusted employees that have a reason to know that information. We implement security practices and procedures designed to protect the confidentiality and security of such information and prohibit unlawful disclosure.
Further, Fingercheck employees directly responsible for providing customer support are all required to pass preliminary employment background checks and go through extensive training on policies and practices within established compliance guidelines.
Data Breach Handling & Workstation Security
If any theft, data breach or exposure involving protected or sensitive resources is identified, we immediately begin a process of removing all access to the resource(s) in accordance with standard theft/breach/exposure procedures.
We ensure the confidentiality, integrity and availability of sensitive information. Access to sensitive information is restricted to authorized users only, which comprises Fingercheck staff and any other approved users, who must be granted access by the account holder.
All workstations are subject to various physical and technical safeguards in order to protect any data that can be accessed.
Vulnerability Handling
Fingercheck has partnered with Bugcrowd, a cybersecurity company that works to reduce risk in the form of UI vulnerabilities by a combination of vulnerability scanners, penetration tests, bug hunters, and much more. This all contributes to a dependable and reliable web-based platform, well-secured from threats which could compromise data integrity.
Web Application Patches & Updates
All patches and updates are subject to full procedural assessments, once prior to their approval and again prior to their release into the live environment, after which they are bound to all other policy requirements.
Technology
Fingercheck runs on Amazon Web Services, or “AWS”, an industry-standard provider of infrastructure for cloud-based applications. AWS is specifically designed to meet the requirements of some of the most security-sensitive organizations out there, protecting your data and that of every other Fingercheck user from outside threats.
Data Centers
Fingercheck utilizes highly secured and certified data centers managed by Amazon. Amazon is a trusted and globally recognized leader in the operation and maintenance of cloud-based data centers.
The AWS infrastructure puts strong safeguards in place to help protect your privacy. All data is stored in highly secure AWS data centers that also implement dozens of compliance programs in their infrastructure to ensure the highest standards of data security.
Amazon’s data center operations have been accredited under:
- ISO 9001, 27001, 27017, and 27018
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI DSS Level 1
- FISMA Moderate
- DIACAP
- FedRAMP
Data is transmitted to and from Fingercheck using 256-bit SSL encryption, the same type of encryption used in most banks. In addition, Fingercheck secures user sessions with an expiring access token, and makes available audit trails for all user behavior, so if someone changes something, you can find out about it!
Additional Information
Fingercheck, LLC. is located at:
1000 Gates Ave.
Brooklyn, NY 11221