Trust Report

The Information Security program at Flock aligns with industry recognized security frameworks including: SOC 2 Type II, SOC 3 Type II, NIST Cybersecurity Framework, Cloud Security Alliance's Cloud Control Matrix, AWS Foundational Security Best Practices, and CIS AWS Foundations Benchmarks. Here are just a few examples of the security safeguards required to demonstrate compliance with these frameworks and attestations.

Identity and Authentication

  • Multi Factor authentication
  • Single Sign On
  • Credential Management
Learn more
Identity and Authentication
Multi Factor authentication
Customer account admins have the ability to require multi factor authentication for users within their assigned organization. Multi-factor authentication aids in mitigating risks relating to password harvesting.
Single Sign On
The platform integrates with existing customers SSO solutions and uses industry standards for authentication.Flock uses an identity solution for workforce members that provides governance of identity and authentication management throughout the organizations applications and infrastructure.
Credential Management
Authenticators for system and services are AES 256 encrypted and protected using the latest security services by Amazon Web Services, Secrets Manager and Parameter Store.

Supply Chain Risk Management

  • Risk Profiling
  • Ongoing monitoring and recertification
  • Vendor security requirements
Learn more
Supply Chain Risk Management
Risk Profiling
Security evaluates the use of vendors to understand intended access, architecture, and data sharing that is planned and confirms that vendors can comply with industry standards for information security.
Ongoing monitoring and recertification
Existing vendors are routinely assessed to confirm continuous adherence to information security standards and ongoing protection of access and data stewardship.
Vendor security requirements
A master services agreement exists that includes information security requirements and expectations for data protection for vendors that are trusted with Flock data.

Application and Software

  • Development Standards
  • Security Patching Notice
  • Testing and Monitoring
Learn more
Application and Software
Development Standards
Security requirements, aligned to industry best practices such as the Open Worldwide Application Security Project (OWASP) and Security Cheat Sheet Series projects are communicated during design phases and validated through both Static and Dynamic Application Security Testing.
Security Patching Notice
Flock provides timely notifications to customers of significant threats affecting product security with instructions for mitigations and patches as soon as they become available.
Testing and Monitoring
Penetration testing through assistance from a reputable outside security provider is performed annually. External facing applications are monitored continuously using authenticated Dynamic Application Security Testing and Software is analyzed for vulnerabilities and licensing compliance.

Flock Device Security

  • Endpoint Encryption
  • Secure Installation
  • Asset Management
Learn more
Flock Device Security
Endpoint Encryption
Footage is encrypted at the point of collection and transmitted with transport encryption to backend cloud infrastructure where it is stored with advanced encryption.
Secure Installation
Products are assembled within our factories by trained technicians and access is controlled through secure policy configurations that restrict the amount of interaction with devices deployed within the field.
Asset Management
Devices that are connected to Flock’s network and infrastructure are tracked centrally that validate the deployment of protection mechanisms and identify unauthorized assets.

Access Control

  • Role Based Access Control
  • Account Management
  • Privileged Access Management
Learn more
Access Control
Role Based Access Control
The platform provides customer’s role based access control to organizations with account administrators that can manage and control individual users’ access to features such as video, pan-tilt-zoom (“PTZ”) capabilities, logs, search, and sharing.
Account Management
Every customer is provided access to their devices and the ability to monitor and manage associated content. Device sharing is limited to specific entities and users, protecting unauthorized users from gaining control over devices and mitigating risks of misuse.
Privileged Access Management
Hardware tokens are required for administrator access to sensitive technology resources and soft tokens are required by users to access sensitive personal data.

Infrastructure and Network

  • Threat Monitoring
  • Secure Configuration
  • Encryption
Learn more
Infrastructure and Network
Threat Monitoring
Threat detection services provided through AWS continuously protect and monitor for malicious network activity against essential cloud services.
Secure Configuration
Flock uses both AWS Government and Commercial services to provide a secure cloud configuration with solutions and tools for identity and access management, encryption, auditing, and compliance monitoring. Flock also configures cloud computing resources to industry benchmarks from the Center for Internet Security (CIS). Technology deployed on cloud resources continuously scan for misconfigurations, vulnerabilities, and non-compliance issue.
Customers accessing data are using the latest TLS protocols to provide confidentiality and integrity of communication over the internet and data at rest is encrypted using AES 256. Key Management uses he latest technologies offered by AWS.

Incident Detection and Response

  • Activity Logging
  • Event Monitoring
  • Incident Containment and Response
Learn more
Incident Detection and Response
Activity Logging
Auditing is established to capture details of user activities including user, organization, devices access, timestamps, filters utilize and associated case numbers to provide a transparent and detailed record of each action performed within the system.
Event Monitoring
System activity logging provides customers transparency and accountability needed to conduct reviews of compliance to standard operating procedures, legal protocols, and ethical guidelines and can be used to detect unauthorized associations for investigation of noncompliance with data protection and privacy regulations.
Incident Containment and Response
Operating procedures are designed to investigate and react to events that could impact Flock’s security objectives.These procedures are routinely assessed with synthetic incidents to ensure roles and responsibilities throughout the organization are understood and procedures for containment and response are effective in the event of an actual security incident.

Risk Analysis Management

  • Threat Analysis and Monitoring
  • Control Assessments
  • Issues tracking and remediation
Learn more
Risk Analysis Management
Threat Analysis and Monitoring
Flock conducts routine evaluation of threats and vulnerabilities to the organization’s security objectives and measures the impact and likelihood of defined risk scenarios.
Control Assessments
Controls deployed to mitigate security risks are regularly assessed to confirm existence and operating effectiveness both internally and by objective third parties.
Issues tracking and remediation
Vulnerabilities identified from assessments are tracked and monitored until implemented. The timeliness of remediation is based on issue severity and addressed based on industry expectations.

Policies and Governance

  • Cybersecurity Polcies
  • Privacy Policy
  • Bug Bounty and Responsible Disclosure
Learn more
Policies and Governance
Cybersecurity Polcies
The organization documents security roles, responsibilities, and requirements for securing systems and data.
Privacy Policy
Flock publishes a policy that is publicly accessible that describes the organization's practices for data sharing, usage, and retention of customer information. An email is published for customers and individuals to utilize to learn more about specific privacy rights to personal information Flock collects and uses.
Bug Bounty and Responsible Disclosure
Flock has policies that describe the scope for vulnerability disclosure, types of vulnerabilities, a process for contacting, and response time for evaluating and remediating reported vulnerabilities.

Physical and Environmental

  • Data Center Protection
  • Availability Zones
  • Load Balancing
Learn more
Physical and Environmental
Data Center Protection
AWS provides state of the art data centers that provide physical protection at the perimeter, infrastructure, data and environmental levels.
Availability Zones
Multiple availability zones are utilized through AWS cloud services which provide a higher degree of fault tolerance and scalability which ensures Flock OS continues to remain available at all times.
Load Balancing
Through the use of AWS services load balancing automatically monitors performance, routes traffic to healthy targets, and scales capacity automatically.

Business Continuity

  • Backup and Recovery
  • Contingency Planning and Testing
  • Criticality Analysis
Learn more
Business Continuity
Backup and Recovery
Flock performs regular backups of data and protects backups with AES encryption in an offline location. Procedures are established to validate completeness of backups, perform restoration activities to ensure recoverability of data, and confirm that access to backup data is protected with the same information security controls as production data.
Contingency Planning and Testing
A business continuity plan has been drafted to define responsibilities for key personnel in the event of a business disruption which is routinely tested to assess understanding of responsibilities and procedures.
Criticality Analysis
Flock identifies critical systems and the associated impacts of loss of availability to determine the recovery points to maintain essential customer services in the event of a disruption.

Personnel Security

  • Employee Training
  • Rules of Behavior
  • Enforcement and Sanctions
Learn more
Personnel Security
Employee Training
Employees are required to complete security awareness training annually. Training provided includes awareness around common cyber threats including phishing, password harvesting, physical security and data protection.
Rules of Behavior
Rules of Behavior are communicated to employees that outline the responsible use of technology, the consequences of misuse, and employees are required to sign documents annually.
Enforcement and Sanctions
Flock’s Employee Handbook includes penalties for non compliance with Code of Conduct which can include separation from the company.

Request access