Trust Report

The Information Security program at Flock aligns with industry recognized security frameworks including: SOC 2 Type II, SOC 3 Type II, NIST Cybersecurity Framework, Cloud Security Alliance's Cloud Control Matrix, AWS Foundational Security Best Practices, and CIS AWS Foundations Benchmarks. Here are just a few examples of the security safeguards required to demonstrate compliance with these frameworks and attestations.

Identity and Authentication

  • Multi Factor authentication
  • Single Sign On
  • Credential Management
Multi Factor authentication
Customer account admins have the ability to require multi factor authentication for users within their assigned organization. Multi-factor authentication aids in mitigating risks relating to password harvesting.
Single Sign On
The platform integrates with customers' existing SSO solutions and uses industry standards for authentication. Flock uses an identity solution for workforce members that provides governance of identity and authentication management throughout the organization's applications and infrastructure.
Credential Management
Authenticators for systems and services are AES 256 encrypted and protected using the latest security services by Amazon Web Services, Secrets Manager and Parameter Store.

Supply Chain Risk Management

  • Risk Profiling
  • Ongoing monitoring and recertification
  • Vendor security requirements
Risk Profiling
Security evaluates the use of vendors to understand intended access, architecture, and data sharing that is planned and confirms that vendors can comply with industry standards for information security.
Ongoing monitoring and recertification
Existing vendors are routinely assessed to confirm continuous adherence to information security standards and ongoing protection of access and data stewardship.
Vendor security requirements
A master services agreement exists that includes information security requirements and expectations for data protection for vendors that are trusted with Flock data.

Application and Software

  • Development Standards
  • Security Patching Notice
  • Testing and Monitoring
Development Standards
Security requirements, aligned to industry best practices such as the Open Worldwide Application Security Project (OWASP) and Security Cheat Sheet Series projects, are communicated during design phases and validated through both Static and Dynamic Application Security Testing.
Security Patching Notice
Flock provides timely notifications to customers of significant threats affecting product security with instructions for mitigations and patches as soon as they become available.
Testing and Monitoring
Penetration testing is performed annually with assistance from a reputable outside security provider. External-facing applications are monitored continuously using authenticated Dynamic Application Security Testing, and software is analyzed for vulnerabilities and licensing compliance.

Flock Device Security

  • Endpoint Encryption
  • Secure Installation
  • Asset Management
Endpoint Encryption
Footage is encrypted at the point of collection and transmitted with transport encryption to backend cloud infrastructure where it is stored with advanced encryption.
Secure Installation
Products are assembled within our factories by trained technicians and access is controlled through secure policy configurations that restrict the amount of interaction with devices deployed within the field.
Asset Management
Devices that are connected to Flock’s network and infrastructure are tracked centrally to validate the deployment of protection mechanisms and identify unauthorized assets.

Access Control

  • Role Based Access Control
  • Account Management
  • Privileged Access Management
Role Based Access Control
The platform provides customers with role-based access control for their organizations, with account administrators that can manage and control individual users’ access to features such as video, pan-tilt-zoom (“PTZ”) capabilities, logs, search, and sharing.
Account Management
Every customer is provided access to their devices and the ability to monitor and manage associated content. Device sharing is limited to specific entities and users, protecting unauthorized users from gaining control over devices and mitigating risks of misuse.
Privileged Access Management
Hardware tokens are required for administrator access to sensitive technology resources and soft tokens are required by users to access sensitive personal data.

Infrastructure and Network

  • Threat Monitoring
  • Secure Configuration
  • Encryption
Threat Monitoring
Threat detection services provided through AWS continuously protect and monitor for malicious network activity against essential cloud services.
Secure Configuration
Flock uses both AWS Government and Commercial services to provide a secure cloud configuration with solutions and tools for identity and access management, encryption, auditing, and compliance monitoring. Flock also configures cloud computing resources to industry benchmarks from the Center for Internet Security (CIS). Technology deployed on cloud resources continuously scans for misconfigurations, vulnerabilities, and non-compliance issues.
Encryption
Customers accessing data use the latest TLS protocols to provide confidentiality and integrity of communication over the internet, and data at rest is encrypted using AES 256. Key management uses the latest technologies offered by AWS.

Incident Detection and Response

  • Activity Logging
  • Event Monitoring
  • Incident Containment and Response
Activity Logging
Auditing is established to capture details of user activities, including user, organization, device access, timestamps, filters utilized, and associated case numbers, to provide a transparent and detailed record of each action performed within the system.
Event Monitoring
System activity logging provides customers the transparency and accountability needed to conduct reviews of compliance with standard operating procedures, legal protocols, and ethical guidelines, and can be used to detect unauthorized associations for investigation of noncompliance with data protection and privacy regulations.
Incident Containment and Response
Operating procedures are designed to investigate and react to events that could impact Flock’s security objectives. These procedures are routinely assessed with synthetic incidents to ensure roles and responsibilities throughout the organization are understood and procedures for containment and response are effective in the event of an actual security incident.

Risk Analysis Management

  • Threat Analysis and Monitoring
  • Control Assessments
  • Issues tracking and remediation
Threat Analysis and Monitoring
Flock conducts routine evaluation of threats and vulnerabilities to the organization’s security objectives and measures the impact and likelihood of defined risk scenarios.
Control Assessments
Controls deployed to mitigate security risks are regularly assessed to confirm existence and operating effectiveness both internally and by objective third parties.
Issues tracking and remediation
Vulnerabilities identified from assessments are tracked and monitored until implemented. The timeliness of remediation is based on issue severity and addressed based on industry expectations.

Policies and Governance

  • Cybersecurity Policies
  • Privacy Policy
  • Bug Bounty and Responsible Disclosure
Cybersecurity Policies
The organization documents security roles, responsibilities, and requirements for securing systems and data.
Privacy Policy
Flock publishes a publicly accessible policy that describes the organization's practices for data sharing, usage, and retention of customer information. An email address is published for customers and individuals to use to learn more about specific privacy rights to the personal information Flock collects and uses.
Bug Bounty and Responsible Disclosure
Flock has policies that describe the scope for vulnerability disclosure, types of vulnerabilities, a process for contacting, and response time for evaluating and remediating reported vulnerabilities.

Physical and Environmental

  • Data Center Protection
  • Availability Zones
  • Load Balancing
Data Center Protection
AWS provides state of the art data centers that provide physical protection at the perimeter, infrastructure, data and environmental levels.
Availability Zones
Multiple availability zones are utilized through AWS cloud services, providing a higher degree of fault tolerance and scalability, which ensures Flock OS continues to remain available at all times.
Load Balancing
Through the use of AWS services, load balancing automatically monitors performance, routes traffic to healthy targets, and scales capacity automatically.

Business Continuity

  • Backup and Recovery
  • Contingency Planning and Testing
  • Criticality Analysis
Backup and Recovery
Flock performs regular backups of data and protects backups with AES encryption in an offline location. Procedures are established to validate completeness of backups, perform restoration activities to ensure recoverability of data, and confirm that access to backup data is protected with the same information security controls as production data.
Contingency Planning and Testing
A business continuity plan has been drafted to define responsibilities for key personnel in the event of a business disruption. The plan is routinely tested to assess understanding of responsibilities and procedures.
Criticality Analysis
Flock identifies critical systems and the associated impacts of loss of availability to determine the recovery points to maintain essential customer services in the event of a disruption.

Personnel Security

  • Employee Training
  • Rules of Behavior
  • Enforcement and Sanctions
Employee Training
Employees are required to complete security awareness training annually. Training provided includes awareness around common cyber threats including phishing, password harvesting, physical security and data protection.
Rules of Behavior
Rules of Behavior that outline the responsible use of technology and the consequences of misuse are communicated to employees, and employees are required to sign documents annually.
Enforcement and Sanctions
Flock’s Employee Handbook includes penalties for noncompliance with the Code of Conduct, which can include separation from the company.
