Due to the sensitive data processed in our software, fruiStrategy has implemented processes to maintain security of customer and user data.

Below, we have summarized key security processes.


Production

fruiStrategy employs a cloud deployment model for its software-as-a-service (“SaaS”) solution. All software maintenance and configuration activities are conducted by fruiStrategy employees. fruiStrategy employs industry standard practices for security controls such as firewalls, intrusion detection, and change management.


Scalability

fruiStrategy's distributed architecture for data collection and processing allows it to scale horizontally as the number of clients and volume of traffic increase. fruiStrategy uses multiple monitoring processes and tools to continuously track network resources, operating systems, applications and capacity. Systems are scaled up when predetermined capacity thresholds are reached.


Risk Management

fruiStrategy has practices in place as part of its business continuity planning to assist management in identifying and managing risks that could affect the organization’s ability to provide reliable services to its clients. These practices are used to identify significant risks for the organization, initiate the identification and/or implementation of appropriate risk mitigation measures, and assist management in monitoring risk and remediation activities.


Training

General information security training is provided to all new employees (both full time and temporary) as part of their onboarding. A compulsory annual security and privacy training requirement ensures employees refresh their knowledge and understanding. Additional security training is also provided to employees who handle client data.


Documentation and Change Management

All critical and repeatable processes and security checks in production environment are either documented in procedures or implemented as automation scripts. fruiStrategy maintains and follows formal change management processes. All changes to the production environment (network, systems, platform, application, configuration, including physical changes such as equipment moves) are tracked and documented. All relevant business owners such as Support, Engineering, and DevOps, Security are represented at regular change management meetings.


Environments

Both scheduled and emergency changes are tested in separate environments, reviewed and approved by Engineering, and Technical Support before deployment to the production environment. Testing, other than deployment validation, is prohibited in the production environment.


Development and Support

fruiStrategy follows an agile development methodology in which products are deployed on an iterative, rapid release cycle. Security and security testing are implemented throughout the entire software development methodology. Quality Assurance is involved at each phase of the lifecycle and security best practices are a mandated aspect of all development activities.


Business Continuity and Disaster Recovery

Business continuity planning (BCP) and disaster recovery (DR) activities prioritize critical functions supporting the delivery of fruiStrategy to its clients. The development and scope of BCP and DR in each business function reflects the criticality of each function and/or facility in order to maximize the effectiveness of these efforts.


Encryption

Any customer data in the fruiStrategy application is encrypted in transit over public networks using Transport Layer Security encryption (TLS / HTTPS). The data provided by fruiStrategy's clients within the application is stored using industry-standard AES-256 encryption at rest.