SECURE BY DESIGN
Security Threats Are Real
Does your human performance vendor adhere to cyber security frameworks and certifications, or is it simply lip service? We’re proud to be ISO/IEC 27001:2013 and ISO/IEC 27701:2019 certified. These independent certifications mean you can trust us to take security and data privacy very seriously and to continuously improve our controls against security threats.
Military-Grade Security, Seriously
Smartabase brings all of the SOF operator human performance data together in one structured and secure place. In 2019, Fusion Sport was commissioned to upgrade the security of Smartabase in preparation for deployment on the United States Department of Defense network. The benefits of that effort now flow through to all Smartabase clients to deliver peace of mind that your data is safe and secure.
Comprehensive Access Controls & Reporting
- Administration capabilities with group- and role-based access control (ABAC)
- Single sign-on and enhanced application access security
- Multi-factor authentication available
- Comprehensive audit trails
- Built-in license auditing options for authorized client administrators to retrieve a report on all user accounts
Secure-by-design Philosophy. Secure Development Practices.
At the highest level of our information security framework, security means we care about good governance, privacy, compliance, and assurance. We develop our products with the security and privacy of our clients and users in mind, and our security standards are continually strengthened to adhere to the latest military-grade standards.
Powerful Security Framework
Standards reflected in our development processes include:
- ISO/IEC 27001:2013 Certified
- ISO/IEC 27701:2019 Certified
- AICPA SOC 2 Type 2 Compliant
- NIST 800-53 and FedRAMP
- Trust Services Criteria
- GDPR, HIPAA, and PIPEDA
- OWASP Top Ten
- System and Organization Control (SOC) 2 Report
- Health Data Host (HDH) Certified
Rigorous Data Protection
- 24×7 threat monitoring and alerting
- Data backups are compressed then encrypted to ensure they cannot be compromised
- Robust backup systems with full backup encryption to ensure maximum data redundancy
- Full encryption on all data in transit and at rest
- Infrastructure controls to meet Impact Level 5 (IL5) requirements
Data Privacy and Compliance
Smartabase allows you to securely capture, store, analyze, share and understand the human performance data that is important to you. When that data falls under one or more data protection laws, Fusion Sport aims to give users the tools they need to meet compliance requirements with confidence.
The governing bodies behind these data protection laws have the expectation that data will be managed strictly according to their regulations as part of a wider cyber security program that also prioritizes good corporate governance and effective cyber security controls. Our Security Framework considers these laws, industry best practices, and standards as summarized below.
HIPAA and PIPEDA – Smartabase is currently compliant through self-attestation.
Business Associate Agreement (BAA) – Fusion Sport is more than happy to enter into an appropriate Business Associate Agreement with its North American clients upon request to help them meet their data protection requirements.
GDPR – When handling personal data on behalf of a European citizen, Fusion Sport acts as a Data Processor under the EU General Data Protection Regulation 2016/679 (GDPR). Fusion Sport is more than happy to enter into an appropriate Data Processing Agreement with its clients upon request to help them meet their data protection requirements.
UK Data Protection Act – Fusion Sport is a Registered Data Controller with the Information Commission in the United Kingdom. We are registered under the UK Data Protection Act, registration number ZA286179.
Privacy Acts – Fusion Sport manages privacy compliance in accordance with these complementary privacy acts: the Privacy Act 1988 (Cth) and the New Zealand Privacy Act 1993, together with their associated privacy principles.
Dedicated Security & Systems Admin Team
Smartabase is governed by a clear framework to consolidate the many compliance requirements, system procedures, and data management practices that are overseen by our skilled project delivery experts and dedicated security team, and reflected throughout our organization. In addition to our frameworks and processes detailed above, our team is happy to talk to your IT and security departments, provide you with more information on security policies, perform customer audits, and assist with data protection impact assessments (DPIA).