Front powers the heart of your business — your team and customers. With that comes responsibility that we don’t take lightly. As your team scales with Front, more and more of your customer communication — and thus data — relies on Front. That’s why we make scalable security our number one priority.
In everything we do, we work to earn your trust and build a product you can rely on. We’ve been working hard on ensuring our security and systems are enterprise-ready, and we’re excited to announce that we have completed our SOC 2 Type 1 audit. Here’s what that means for you and a summary of how we’re investing in the safety of your data.
What is SOC 2 Type 1 certification?
The SOC 2 Type 1 audit is an industry-recognized security certification for software-as-a-service (SaaS) companies. It validates that your data is secure, safe, and controlled with Front. The Type 1 audit is a “point in time” report that shows we follow internal security controls, policies, and procedures upheld by the American Institute of Certified Public Accountants, and ultimately keep customer data secure and confidential.
Achieving SOC 2 Type 1 certification involves a thorough analysis of our controls relevant to security, availability, and confidentiality. Through this we are able to prove our dedication to protecting customer data, ensuring our systems are reliably built, and creating a secure product while scaling. To continue to build your trust, we’ll tackle the SOC 2 Type 2 certification next — the audit is already underway.
SOC 2 Type 1 vs. SOC 2 Type 2
Achieving SOC 2 Type 1 certification involves passing an audit at a single point in time, whereas SOC 2 Type 2 just means passing an audit over a period of time. That period of time can’t be less than six months, and completing Type 1 is the critical first step.
Security that scales with you
We recognize that Front holds your most critical information, and we take that responsibility seriously. Security audits like the SOC 2 Type 1 are just one way that we hold ourselves accountable to you.
Over 6,000 companies of different sizes trust us with their data, time, and investment, so we’re building a product that grows with you. Front flexes to serve your team’s straightforward, one-to-one communication, as well as your most complex workflows — our product, security, and processes all scale as you do. So whether you have five or 5,000 users, we have systems, processes, and guardrails in place to protect your company’s and customer’s sensitive data.
As our product and systems have advanced, our customer base has too. This means hundreds of users, sometimes thousands, per company are using Front at any given moment to communicate with customers. To make this work, we give you control and the ability to move fast — we’ll take care of the rest.
General Data Protection Regulation(GDPR)
California Consumer Privacy Act (CCPA)
Front requires authentication through username and password, or SSO
Front is compatible with any identity provider that supports SAML 2.0. and multi-factor authentication (MFA)
Individuals and administrators can enable two-factor authentication, which adds an extra layer of security to their Front account
Front securely connects to full Gmail and Office365 accounts through an OAuth process that also enables Front to support 2-way sync with email providers
Advanced admin access controls
Front for Enterprise allows you to customize user permissions, like allowing certain users to create rules or restricting them from responding to messages
Front’s admin console provides admins access to manage teammate settings like signatures and preferences, giving them heightened control over each user’s workspace.
Automatic user provisioning and deprovisioning to make sure users are added to the right profiles automatically, and access is revoked quickly (SCIM)
Our ongoing commitment
We’re invested in enabling your team to make an impact, and we know the first step in doing that is ensuring the safety of your information.
To further demonstrate our commitment to larger customers, we’re already making strides towards the SOC 2 Type 2 audit, and we expect that to be finalized in the coming months. We are also continuing to invest in enterprise governance and scalability features to give our administrators additional control and security.
We’re grateful for the trust you’ve put in us so far, and we promise to have your back. If you’d like a copy of our SOC 2 Type 1 audit, just reach out to your point of contact at Front or email firstname.lastname@example.org.
Written by Logan Davis
Originally Published: 12 June 2020