Industries
Featured
Insights
Featured
Topics
Our Industries
Our Capabilities
Case Studies
Research

Our Core Security Policies
​
Restricted Access
Our security policy enforces strict access controls, ensuring that sensitive data is accessible only to authorized personnel. Access is granted based on job roles, responsibilities, and clearance levels. Comprehensive authentication mechanisms, including biometrics, key-card access, and multi-factor authentication, further limit access to authorized individuals.
​
Background Checks
Employees undergo thorough background checks, including SF-86 investigations for positions requiring access to highly sensitive data. These checks assess an individual's trustworthiness, financial stability, and any potential security risks, providing an additional layer of security. All employees handling or privy to sensitive information receive a premium in pay and are fiduciary responsible for the success of a project. All employees handling or privy to sensitive information are actively monitored for changes in credit, criminal history, household situations, social networks, and travel plans. We employ a preemptive measure protocol that automatically restricts an employee's access to any and all sensitive information should we identify any flags or concerns.
​
Need-to-Know Basis
We follow a strict "need-to-know" principle, limiting access to sensitive data to only those individuals who require it to perform their job functions. This minimizes the risk of data exposure and unauthorized access. Specific segmentation, job responsibilities, and number of employees knowledgable on the full scope of a project will be discussed in greater detail during your Consultation with Firnal.
​
Data Segmentation
Sensitive data is compartmentalized through data segmentation. This practice involves isolating sensitive information into separate, secure environments, reducing the risk of unauthorized access or data leakage. Data segmentation ensures that even if one segment is compromised, the rest of the data remains protected.
​
Document Controls
Our security measures extend to document management. All sensitive documents are encrypted, and access to them is logged and closely monitored. This ensures that only authorized personnel can access and modify these documents, adding an extra layer of protection against data breaches. Sensitive information is never shared over the email nor is Sensitive Information ever stored on local or cloud based computers. Senior Executives at Firnal hold sensitive documents on their person at all times. All printed documents are marked with a unique code and is numbered. Printed Copies are assigned to specific individuals. Each copy has a unique combination of words and phrases throughout the pages to prevent any leaks or replication. Should any leaks or replication occur, Firnal will immediately be able to identify the source of the leak.
​
Cybersecurity Teams
We maintain dedicated cybersecurity teams staffed with experts in threat detection and mitigation. These teams work around the clock to monitor our systems for any signs of suspicious activity, allowing for real-time responses to potential threats.
​
Penetration Testing
Regular and Random penetration testing is a cornerstone of our security strategy. This involves simulated attacks on our systems to identify vulnerabilities. Our Penetration/Red Testing Team is separate from our Cybersecurity team and is rewarded for finding any network vulnerabilities. Penetration Testing is conducted randomly and dates are only known by the Senior Executive Team at Firnal. By proactively addressing these weaknesses, we maintain a strong defense against cyber threats.
​
Firewall Testing
Our firewalls are subjected to rigorous testing to ensure their effectiveness in preventing unauthorized access and data breaches. Regular updates and patches are applied to keep them resilient against evolving threats. These measures are essential in safeguarding our sensitive data and maintaining the highest security standards.
​
Data Encryption
Our commitment to data security includes encryption of sensitive data at rest and during transmission. This industry-standard practice ensures that even if data is intercepted, it remains unreadable without the proper decryption keys.
​
Physical Security
Our facilities are fortified with robust physical security measures. Biometric access controls, surveillance systems, and restricted access areas are implemented to prevent unauthorized entry and safeguard sensitive infrastructure.
​
Employee Training
Our workforce is a crucial component of our security posture. We invest in comprehensive security training to educate employees on security protocols, threat awareness, and best practices, reducing the risk of human error.
​
Incident Response Plan
Preparation is key. We have a meticulously developed incident response plan in place to swiftly and effectively respond to security incidents. This includes steps for containment, investigation, mitigation, and communication.
​
Regulatory Compliance
We are dedicated to upholding regulatory compliance concerning data protection and privacy. Our practices align with relevant data protection laws and industry standards, ensuring the secure handling of sensitive information while maintaining legal adherence.
Contact Us
For questions regarding your privacy or our policies you can reach out to us at privacy@firnal.com or at legal@firnal.com
​