Fime Test Factory Data Security Policy
Fime Test Factory (FTF) technical information

FTF Certification

Fime FTF is ISO IEC 27001:2013 certified. The certificate is available on demand.

 

Confidentiality

The architecture has been built to guarantee data confidentiality as far as possible, with strong data isolation at the different levels of the architecture, and especially:

·         All confidential data, such as configurations, test logs, … is managed in a secure encrypted container that is only open when a tool is launched and when data is saved by the tool.

·         Customer data is isolated from the Internet after the tool is closed or after some time of inactivity.

·         The tool is launched on demand, with access restricted to the person who launched the tool.

·         The Portal launches the tool according to the authentication and specific access rights of the user. The Portal does not contain any user business data, only administrative data such as user information, profile, licenses and some tool statuses.

Security processes & reviews

ISO IEC 27001 implies having a defined deployment process with some validations and some periodic reviews.

Portal and Tool Deployments

Different security checks are done at each deployment, including:

·         A vulnerability scan to identify potential CVEs in components

·         An OWASP scan to validate Portal security

 

Periodic security reviews

  • Fime conducts security scans before each deployment of new or updated Test Suites and FTF Product.

  • Fime mandates an external specialized third party to conduct penetration tests every year.

  • Fime maintains a yearly Business Continuity Plan / Disaster Recovery Plan checklist covering the Fime Test Factory.

  • Fime's ISMS is ISO/IEC-27001:2013 certified. The certificate expires on 01-Dec-2024.

Fime can provide on demand a Security Report summarizing the last periodic security reviews applicable to the EMV Test Suites purchased by the customer requesting the report.




User management 

Provisioning of users for each Customer License can be managed by the “Customer Admin” profile(s) assigned to the Customer Licenses.

The “Customer Admin” profile is initially set by Fime's Solution Provisioning team for each new Customer License.

The “Customer Admin” profile of a given Customer License has the ability to add/remove all users defined for the Customer License in FTF Portal. This includes creating, updating or disabling user accounts (e.g. when the user leaves the company) assigned to the Customer License.

Password policy

When an account is created, the user receives an automatic email containing a link to the password creation page.

Users can ask Fime to set up Multi-Factor Authentication so that they can follow their corporate policies. In that case, the users need to add the information required for the MFA setup (phone number or authenticator application on a mobile phone).

Passwords should be longer than 12 characters and contain 4 types of characters: at least one lower-case letter, one upper-case letter, one number and one special character.

We recommend that users update their password regularly, at least every 3 months.


Password recovery

In case of password loss, the user can ask to reset their password. An email is sent to the user's email address with a token to change the password.
No staff member has access to your password. In case of loss, the only option is to reset it.

User email assignment

Fime strongly recommends using only corporate email addresses for users, to prevent former users from continuing to access the platform.

(If the email is a corporate email, a former user cannot renew their password without accessing the corporate mailbox.)