NEW: Factal and International SOS announce strategic partnership

Factal
  • Why Factal?
    Overview ROI
  • Solutions
    Global security and travel safety Business continuity and supply chain Geopolitical risk intelligence Brand risk and crisis communications Data solutions and AI safety Media newsrooms Humanitarian NGOs
  • Partners
  • Resources
    Blog iOS app Android app Global security briefing Benchmarker newsletter Forecast newsletter Forecast podcast Debrief newsletter Climate security report
  • Company
    About us Team Work with us Code of ethics Our story Press Contact
  • Member sign in
  • Why Factal?
  • Solutions
  • Partners
  • Company
Sections
  • Security compliance
  • Logging into Factal
  • Vulnerability scanning and penetration testing
  • Encryption

Security at Factal

Last updated February 26, 2024

Factal values our members' trust and takes security very seriously. This page answers some frequently asked questions about Factal's security posture.

Security compliance

What security standards does Factal follow?

Factal is compliant with SOC 2 Type II security controls. Current Factal members may contact your member success manager to request to view our SOC 2 report.

My organization needs Factal to fill out a security questionnaire or provide documentation of Factal's policies. What should I do?

Current Factal members and trialists should contact their member success manager with any documentation requests. Prospective members may email hello@factal.com for more information.

Do Factal employees complete regular security training?

All Factal staff, contractors, and interns -- including our editors -- are required to complete security training and review and accept Factal's security policies annually.



Logging into Factal

Can my organization use single sign-on (SSO) to log into Factal?

Yes! Factal can integrate with your organization's Identity Provider for SSO (SAML 2.0) login capabilities. Contact your member success manager to set up an appointment with Factal's integration team.

Can users sign in with multi-factor authentication (MFA)?

Soon! Factal anticipates making MFA available for Factal.com using an authenticator app later in 2024. Organization administrators will be able to opt their organizations' users into MFA.

How often do I have to log back in to Factal?

Your organization admins can set when your Factal session expires in the Org/Member Settings tab under Organization Settings.



Vulnerability scanning and penetration testing

How often does Factal have penetration testing conducted?

Factal contracts with third-party testers to have penetration testing conducted at least annually. A copy of the most recent report is available upon request to current and prospective members.

How often does Factal conduct vulnerability scans?

Factal conducts vulnerability scans at least quarterly. GitHub security advisories and security scanning functionality built into Factal’s CI/CD process alert team members to vulnerabilities in software dependencies.



Encryption

How is Factal data encrypted?

Factal data is encrypted at rest and in transit. Data is secured at rest using AES-256 encryption. Data is secured in transit via TLS 1.2+. Encryption keys are managed by Heroku.



If you have any other questions, please email hello@factal.com.



Facts save lives

  • Pages
  • Home
  • Why Factal?
  • Solutions
  • Partners
  • ROI
  • Member sign in
  • Resources
  • Blog
  • iOS app
  • Android app
  • Global security briefing
  • Benchmarker newsletter
  • Forecast newsletter
  • Forecast podcast
  • Debrief newsletter
  • Climate security report
  • Company
  • About us
  • Team
  • Work with us
  • Our story
  • Contact us
  • Code of ethics
  • Press
  • Security
  • Privacy policy
  • Your privacy choices
  • Terms
  • Follow us
  • LinkedIn
  • X/Twitter
  • Bluesky
  • Threads
  • Facebook
See why Factal is trusted by the world's most resilient companies

Contact us to book a time to provide a tailored demo. If you like what you see, you can take Factal for a free 30-day test drive.

We've made it fast, simple and stress-free to trial Factal — no paperwork or downloads required. Our secure, cloud-based technology can be configured in just a few minutes.


If you're an NGO, please contact us here.

Questions? Please email us at sales@factal.com

Watch a two-minute Factal demo
Get the Benchmarker newsletter every week
* indicates required
You can unsubscribe at any time via a link in each email. Here's our privacy policy.
Thank you for contacting Factal! We'll get back to you shortly.