Data is stored securely within Microsoft’s Datacentres and depending on your location and data residency requirements this could be within Europe, the US or Asia. Microsoft’s datacentres and the infrastructure within meets a broad set of international and industry specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2.
Data at rest is encrypted using 256 bit AES encryption, data in transit either entering or leaving the Floww platform is encrypt ed using a minimum of TLS 1.2.Any data that is held or accessed within our tenant databases is encrypted using TDE and a minimum of TLS 1.2.
Floww follows the principle of least privilege access meaning that Floww employees are only provided with the access they need to carry out their day to day tasks. All staff are provided with the minimum privileges and have to request additional temporary access if it is required to carry out a specific task. All permissions leverage role based access and are specific to a resource or service.
All files uploaded to the Floww platform are scanned for malware and other exploits. In the event that a file is infected du rin g the upload process you will be notified and the upload will fail.
All data is backup at regular intervals and if required can be restored to a specific point in time.