Security Policy

See data differently with DataFreedom.

33Floors and DataFreedom understand the value of our customers’ data and the critical importance of protecting sensitive information. As a result, our approach to data security meets or exceeds global security standards, safeguarding data integrity throughout the lifespan of our business relationship and beyond.

Compliance

33Floors and DataFreedom are AICPA SOC 2 compliant.

SOC 2
data

Organizational Protection Measures

Risk Assessment and
Vendor Management

33Floors and DataFreedom takes a proactive approach to the security of our IT systems and business processes with annual risk assessments and testing. Furthermore, we require all vendors to adhere to our high standards for security, starting with careful due diligence and establishing data protection requirements within all vendor contracts.

Personnel Security

As part of their onboarding process, 33Floors and DataFreedom employees are led through security awareness training,  including acknowledging the company’s Acceptable Use Policy. Security awareness and acceptable use are also reviewed by all employees annually. Additionally, employees and vendors sign non-disclosure agreements, ensuring compliance during and after their employment by 33Floors and DataFreedom. Employees are also guided by an extensive Mobile Device Management policy that addresses the security of company laptops and phones.

Disaster Recovery and
Business Continuity 

33Floors and DataFreedom have created an exhaustive disaster recovery and business continuity plan that is regularly reviewed to ensure it is up-to-date and accurate. The plan helps guarantee operational resilience, including the ongoing availability of critical systems and prompt restoration of full functionality in the event of a disaster.

Access Management

33Floors and DataFreedom conduct a thorough authorization process before granting access to IT systems and networks. We implement strict password and multi-factor authentication for these systems and provide employees with dedicated user account access for accountability and tracking purposes.

Data and Information Security

33Floors and DataFreedom affirm that our customers’ data belongs exclusively to them. We will never use or share customer data beyond what is thoroughly outlined in our agreement(s) with each organization. We allow access to client data only as is necessary to fulfill our agreed contractual obligations.