FortifID Customer Responsibilities
FortifID takes security and compliance seriously, but security and compliance are a shared responsibility between FortifID and the customer. In using FortifID services, the customer must utilize the services responsibly and in good faith.
FortifID and the client are both responsible for security when utilizing FortifID’s service offerings.
FortifID’s responsibilities include:
- The security of FortifID’s services and infrastructure. Includes, but is not limited to monitoring, event logging, vulnerability testing, penetration testing, server OS vulnerability patching, and incident management.
- Notifying the customer, as quickly as possible, if it becomes aware of any actual security incident involving client data.
Client responsibilities include:
- Secure handling and storage of credentials used to access FortifID services.
- Security of any application that the client may use to access the FortifID system.
- Accuracy, integrity and legality of content and data, and to securely manage the use of data in calls to FortifID services.
- Notifying FortifID as quickly as is reasonably possible when/if the client becomes aware of any actual or alleged data security issue or incident.
If Client suspects a data security event or incident, operational failure or any service problems, Client shall notify FortifID with as much detail as possible through the following:
For Client concerns or complaints, Client can notify FortifID with: