Last Updated: 10/17/2022
FiPath4Advisors, LLC (hereafter “FiPath”) the owner of the REFERMEIQ™ trade name and product is actively committed to ensuring the security of the application and to remaining current with industry best practices. Security compliance is a central theme throughout our organizational structure, training, technology, and business processes.
This page outlines our commitments to security and highlights the steps we take to ensure our users’ data is safe and protected and any risks to our organization are identified and managed. For more information on how user data is being handled, please refer to our Privacy Policy.
SECURITY AS A PRIORITY
We aim to create a strong security culture amongst all employees and contractors of FiPath. Every employee is essential to our defense against potential security incidents.
This culture is present in all stages of the employment lifecycle. This includes during the recruiting process, employee onboarding, employee offboarding, and is integral in every aspect of our employees’ day-to-day processes. Each employee undergoes annual cybersecurity training and reviews security practice policies. All employees working at FiPath must follow our password security and lockout policy, must have 2FA authentication, and must have a secure Wi-Fi connection.
SECURITY DEVELOPMENT PRACTICES
Our software developers receive instructions on topics like best coding and development practices, the principle of least privilege when granting access rights, etc. The IT department also attends technical presentations on security-related topics, receives regular updates on the newest issues from the Cybersecurity space in our Security channel.
SECURITY COMPLIANCE
As part of our commitment to treating security as an ongoing initiative, FiPath takes actions on a regular cadence to assess, identify, and remediate any potential security concerns.
Annual Penetration Testing
The ReferMe IQ web application undergoes annual penetration testing of both the app and network. This test utilizes an accredited third-party vendor to perform in-depth testing to identify potential risks or areas of concerns. FiPath is committed to addressing any issues found though this testing and taking the steps to remediate promptly after the conclusion of the test.
SOC 2
FiPath is currently in the process of receiving our SOC 2 compliance report with an expected certification date of Q4 2022.
Our Vendors
FiPath utilizes reputable, best-in-class vendors with a long history of security compliance. The Security Team evaluates each of these vendors on an annual basis to ensure that they remain current with their security compliance and practices.
CONTACTING US
If you have any questions about our commitment to security or would like to learn more about the steps we take to ensure we mitigate potential risk, please contact us via our contact form.