Security FAQs

Here you’ll find answers to the most frequently asked questions we receive from field teams, managers and the industry.

Data Security

  • All data at rest is encrypted with AES-256. All system passwords and access keys are rotated regularly. Data in transit utilises TLS internally and externally.

    FYLD complies with all relevent privacy legislation. Technical compliance is maintained via automated reporting in cloud platforms and adhering to software development best practices. Organisation complaince is delivered via regular training / testing.

  • FYLD utilises AWS systems, this encompasses measures such as identity and access management (IAM) policies, encryption, and network security controls to prevent unauthorized access to data.

Access Control

  • FYLD utilises AWS Cognito services to handle user authentication and to integrate with 3rd party identity providers such as OKTA. Depending on customer’s configuration, users can be authenticated via one-time use login links or via username and password authentication. In case of the latter, the enforced password rules are:

    • minimum 8 characters
    • must include numbers
    • must include special character
    • must include uppercase letters

    SRP protocol based authentication is also enabled for password based authentication.

  • FYLD provides a role based solution where each user can either be assigned field worker, manager or admin roles. These roles have pre-defined functionalities to fit the day to day needs of our users.


  • FYLD is fully GDPR compliant and ISO 27001 and Cyber Essentials certified.

  • FYLD undergoes annual, independant assessments to maintain compliance with ISO27001 standards.

Incident Response

  • Where an information security event has occurred, this will be immediately reported to the Directors / Engineering Team depending on whether it is an internal security incident or an App Security Incident. The Directors / Engineering Team will log incident records on internal systems. An assessment will be made as to the nature of the breach if any and then notifications will begin. If the data breach is determined to be low risk, then the victim of the data breach will be notified in writing within 20 working days. If the data breach is determined to be high risk, then the victim and the ICO will both be notified within 72 hours of the data breach.

  • Yes, FYLD has full ISMS documentation available upon request that outlines incident respone plans.

Backup and Recovery

  • Backups are carried out daily, FYLD also stores all error logs for review and audit purposes. FYLD utilises AWS-S3 for storage of backup files and other media allowing restoration and recovery.

Network Security

  • Automated tools and processes help identify security threats and vulnerabilities across FYLD’s infrastructure and application layers.

    This includes but is not limited to tools such as AWS Guard Duty and AWS Shield.

Integration with Existing Systems

  • Yes, FYLD is capable of integrating directly with SAML-2 SSO systems such as Microsoft Azure and OKTA.

  • Yes, FYLD can provide API access where required to connect with internal systems for custom integrations.

Vendor Security Practices

  • Automated tools and processes help identify security threats and vulnerabilities across FYLD’s infrastructure and application layers.

    This includes but is not limited to tools such as AWS Guard Duty and AWS Shield.

  • Yes, FYLD is ISO27001 accredited with the latest audit having been carried out in December 2023.

Software Development Practices

  • Security engineering principles are applied across the full software development lifecycle within FYLD. All changes to the system run through multiple steps of QA in separated environments and only once all tests are passing then the changes get promoted to production.

    All code is stored in Github (including IaC), all changes are made via peer reviewed PR and also scanned by automated tools.

  • Annual penetration testing and IT phishing tests are carried out by external parties, all other exercises are carried out by company employees and automated vulnerability scanning.

Physical Security

  • FYLD data centres are hosted on AWS (Region specific based on customer location) and therefore the security of the cloud and data centres is managed by AWS according to the Shared Responsibility Model.

Patch Management

  • Security patches are applied within 30 days inline with FYLD’s ISO 27001 compliance. Patch identification is raised automatically by 3rd party tools and services used to constantly monitor FYLD application and infrastructure codebase.

    Immediate patch releases can be put together for high priority vulnerabilities.

    FYLD carries out infrastructure patching, at least on a monthly basis, without causing service outage. FYLD aims to provide 99.99% availability with it’s services. All application layer patching occurs as part of the SDLC process.

Service Level Agreements (SLA)

  • FYLD currently maintains a 99.99% availability and manages scalable fault tolerance via automatic failover, continuous automated monitoring and alert systems. Backend APIs are deployed in ECS across multiple AWS availability zones within each region and autoscale based on load.

End-of-Life and Decommissioning

  • All data stored in FYLD is to be retained for the duration set out in the contract post contract termination. Thereafter it will be securely erased.

Third-Part Security

  • Yes, FYLD does utilise 3rd party services in development and support capacities.
    All FYLD staff, contractors/3rd party affiliates are trained on cyber security and vetted accordingly.

    All suppliers are subject to company vetting procedures which includes cyber security accreditation checks ensuring they are compliant with FYLD’s ISO27001 standards.

    In cases where a supplier is not directly accreddited with ISO27001 or SOC2, additional internal audits are carried out with the addition of further security training where required and NDA signatures accounting for all individuals with FYLD access.

Disaster Recovery and Business Continuity

  • Yes, FYLD has a fully revised BCP and documented ISMS that details the precautions and processes in the event of a security incident.

Get in touch

Talk to FYLD today

We’d love to show you how FYLD can help your organisation run safer, more efficient job sites. Email us using the details below or fill out the form and we’ll reach out to you.