BeyondBrain Incorp. Security Terms Sheet

Effective Date: November 13, 2024

This Security Terms Sheet details BeyondBrain's measures to protect Personal Data processed via the FifthKeys platform, complementing the DPA.

1. Security Standards

  • Compliance with ISO 27001 (information security) and SOC 2 (service organization controls).
  • Regular audits to maintain these standards.

2. Encryption

  • Data at Rest: Encrypted with AES-256.
  • Data in Transit: Secured with TLS 1.3 or higher.

3. Access Controls

  • Role-Based Access: Limited to necessary personnel.
  • Multi-Factor Authentication (MFA): Mandatory for system access.
  • Audit Logs: Track all data access for monitoring.

4. Incident Response

  • A formal plan to detect and address security incidents.
  • Controller notification within 72 hours of a breach.
  • Annual testing of the response plan.

5. Employee Training

  • Regular security and privacy training for all staff.
  • Extra training for those handling Personal Data.

6. Physical Security

  • Data stored in SOC 2-compliant data centers with biometric access and 24/7 monitoring.
  • Office access restricted via keycards, with visitor logs.

7. Vendor Management

  • Subprocessors vetted for security before use.
  • Bound by contracts matching DPA standards.

8. Vulnerability Management

  • Quarterly scans and annual penetration tests.
  • Critical patches applied within 30 days.

9. Data Minimization and Retention

  • Only necessary data is processed.
  • Data kept only as long as needed or required by law.

10. Compliance and Certification

  • ISO 27001 and SOC 2 certified, with reports available on request.
  • Security reviewed every six months for legal and industry compliance.

Copyright 2025 FifthKey. All rights reserved.
