At FYLD, we keep both employees and end users safe and secure.

FYLD obtained ISO 27001 in 2021, and has recently added Cyber Essentials to our Security Certification stack.

Since our conception, we have collaborated with external consultancies to implement best practices for data protection.

When an employee starts their journey with us, data protection training is taught in week one. We prioritise data protection training because our belief is that humans play the biggest role in protecting data and information, both keeping them private and secure. FYLD partners with Trainual to supply and audit training.

Our lunch and learn sessions are often used for practical tips. A recent agenda included:

• Three ways to send data securely
• Three new ways to keep your laptop secure

Each FYLD employee is accountable to learn and implement measures they put into place and is expected to keep a healthy list of data protection actions. This is tracked monthly by our Chief Operating Officer (COO).

FYLD operates with a “need to know only” system, whereby access to Personally Identifiable Information (PII) and confidential information is available to access by named employees only. FYLD has audit trails where appropriate for access management.

For our product, FYLD end users can gain access using strong credentials or 3rd party integrations such as OKTA. End users that are not active will be removed for further protection.

Our laptops are high-grade machines which come with a custom-built package comprising a variety of automated elements. This ranges from automated, high-security passwords to screen privacy filters. Our hardware can be wiped and managed remotely by our IT team.

FYLD has recently upgraded our communication systems. These systems now include AI which will detect cyber threats and trigger automatic training if any employee clicks on unexpected links or attachments. This activity is conducted in partnership with Iron Scales  and reduces FYLD risk to phishing, malware and viruses.

FYLD has logged every 3rd party we work with, signed up to additional clauses and will only allow 3rd parties to work with us if they pass our supplier sign-up via Functio. FYLD will not work with 3rd parties that do not pass supplier sign-up, or share our aims and approach to data protection.

Where available, all data, be it on laptops or transmitted, is saved using sophisticated encryption. This means data is consistently analysed for unforeseen or bad actors. All data is encrypted both in rest and in transit.

FYLD has an internal incident register. This register is updated with any breach or potential breach. Our COO works directly with the UK Information Commissioner Office (ICO). Our internal process allows us to gather information on the type of data, who may be affected and the level of severity – this allows us to effectively trigger a 72-hour data breach process, if required.

Data is stored within the EU with a provider that is ISO27001, SOC1 and SOC2 Certified.

If you have found a security vulnerability, please let us know straight away at security@fyld.ai.