Compliance and security at its core
About Fize
Fize is an innovative platform that provides instant access to the entirety of a consumer's insurance carrier-verified policy data – Instant Access to complete insurance data. Carriers utilize Fize to reduce adverse selection, fraud and offer hyper personalized multi policy quotes. Agents, Brokers utilize the platform to cut quoting time by half, close more business while offering curated insurance products the customer needs.
Does Fize encrypt data
Yes, Fize encrypts data.
- Fize requires all external data transmission over the internet and intranet to be encrypted end-to-end. This ensures that data in transit is secured against potential eavesdropping or tampering.
- Fize also stores all production data at rest on encrypted volumes. This means that the data, when not actively being used or transmitted, is encrypted on storage devices, making it secure against unauthorized access or theft.
Furthermore, Fize manages its own encryption keys for both data in transit and data at rest, enhancing the security by ensuring full control over who can access and decrypt the data.
Is Fize safe to use?
Yes, Fize is safe to use. Fize Connect uses some of the most advanced security and encryption methods available to safely connect your insurance account.
How does Fize protect proprietary data as it transverses through the internet?
Fize employs robust measures to protect proprietary data as it traverses the internet:
TLS Protocols: Fize uses Transport Layer Security (TLS) protocols, specifically the more modern and secure TLS 1.2, to establish an encrypted connection between clients and servers. This ensures that data transmitted remains confidential and cannot be eavesdropped upon.
Advanced Encryption: Data is encrypted using AES256, which is among the strongest encryption standards available. It provides a high level of security against potential brute-force attacks.
Secure Hashing: Fize uses SHA2 signatures to verify the integrity of the data. This ensures that the data has not been altered or tampered with during its journey across the internet.
Strict Cipher Suite Selection: Fize supports only the latest recommended secure cipher suites. By restricting to the most robust ciphers, the risk of data being decrypted by unauthorized entities is minimized.
Certificate Pinning: This involves hardcoding the certificate of the server in the app. It's a way to ensure the app communicates only with the intended server and is not tricked by any potential attackers using rogue certificates.
DNSSEC (Domain Name System Security Extensions): It can be used to protect against man-in-the-middle attacks by ensuring that the domain being connected to is genuine and hasn't been redirected or hijacked.
VPN and Secure Tunnels: For extra-sensitive data transfers, Fize might utilize Virtual Private Networks (VPNs) or dedicated secure tunnels which offer an additional layer of encryption and security.
Zero Trust Architecture: Instead of trusting any internal or external request by default, every access request might be fully authenticated, authorized, and encrypted before granting access.
Regular Audits and Monitoring: Fize might continuously monitor data traffic for anomalies and perform regular security audits to ensure that data protection measures are effective and up-to-date.
Education and Training: Informing employees, clients, and partners about best practices in data transmission and the importance of using updated software can prevent potential weak points.
By implementing and maintaining these strategies, Fize ensures that its proprietary data is safeguarded as it moves across the internet.
About Fize
Fize employs robust measures to protect proprietary data as it traverses the internet:
TLS Protocols: Fize uses Transport Layer Security (TLS) protocols, specifically the more modern and secure TLS 1.2, to establish an encrypted connection between clients and servers. This ensures that data transmitted remains confidential and cannot be eavesdropped upon.
Advanced Encryption: Data is encrypted using AES256, which is among the strongest encryption standards available. It provides a high level of security against potential brute-force attacks.
Secure Hashing: Fize uses SHA2 signatures to verify the integrity of the data. This ensures that the data has not been altered or tampered with during its journey across the internet.
Strict Cipher Suite Selection: Fize supports only the latest recommended secure cipher suites. By restricting to the most robust ciphers, the risk of data being decrypted by unauthorized entities is minimized.
Certificate Pinning: This involves hardcoding the certificate of the server in the app. It's a way to ensure the app communicates only with the intended server and is not tricked by any potential attackers using rogue certificates.
DNSSEC (Domain Name System Security Extensions): It can be used to protect against man-in-the-middle attacks by ensuring that the domain being connected to is genuine and hasn't been redirected or hijacked.
VPN and Secure Tunnels: For extra-sensitive data transfers, Fize might utilize Virtual Private Networks (VPNs) or dedicated secure tunnels which offer an additional layer of encryption and security.
Zero Trust Architecture: Instead of trusting any internal or external request by default, every access request might be fully authenticated, authorized, and encrypted before granting access.
Regular Audits and Monitoring: Fize might continuously monitor data traffic for anomalies and perform regular security audits to ensure that data protection measures are effective and up-to-date.
Education and Training: Informing employees, clients, and partners about best practices in data transmission and the importance of using updated software can prevent potential weak points.
By implementing and maintaining these strategies, Fize ensures that its proprietary data is safeguarded as it moves across the internet.
Yes, Fize encrypts data.
- Fize requires all external data transmission over the internet and intranet to be encrypted end-to-end. This ensures that data in transit is secured against potential eavesdropping or tampering.
- Fize also stores all production data at rest on encrypted volumes. This means that the data, when not actively being used or transmitted, is encrypted on storage devices, making it secure against unauthorized access or theft.
Furthermore, Fize manages its own encryption keys for both data in transit and data at rest, enhancing the security by ensuring full control over who can access and decrypt the data.
Fize adopts a multi-faceted approach to guarantee consistent attention to data protection and compliance:
Compliance Automation Platform: This platform continuously monitors for deviations from set compliance benchmarks, streamlines audits, and provides recommendations to ensure alignment with data protection standards.
Annual Security Reviews: Fize revisits its security procedures and policies yearly. This helps them stay updated with evolving threats and changing regulations.
SOC2 Adherence: Compliance with SOC2 standards means Fize maintains rigorous data security, availability, integrity, confidentiality, and privacy practices.
Dedicated Oversight Committee: Comprising senior management and specialists, this committee conducts yearly evaluations of the company's Information Security Policy (ISP), ensuring it remains robust and relevant.
Vendor Compliance: Fize maintains a list of its key vendors and their compliance documentation. This proactive measure ensures that third-party services align with Fize's commitment to data protection. Critical vendor compliance reports are examined annually.
In addition to the above, Fize also remains vigilant about global data protection regulations, regularly updates its staff through training sessions, and encourages an open feedback mechanism for continuous improvements in data protection and compliance.
Yes, Fize does perform regular vulnerability assessments:
Third-Party Engagement: Fize collaborates with external experts to conduct vulnerability scans specifically in its production environment. This ensures an unbiased, expert evaluation of the environment's security.
Management Review: After the assessment, results are not left to stagnate. They are actively reviewed by Fize's management, demonstrating the company's commitment to addressing potential security issues.
Priority-Based Action: Fize doesn't just review the findings; high-priority vulnerabilities are tracked until they are resolved. This ensures that critical vulnerabilities are addressed promptly to minimize potential risks.
Infrastructure Focus: The third-party assessment targets the infrastructure, looking for potential vulnerabilities in servers, networks, and other foundational systems.
Scope Limitation: It's important to note that the vulnerability assessment does not include a source code review. Thus, while the infrastructure is examined for potential vulnerabilities, the software code itself is not audited in this process.
Overall, Fize takes proactive steps to identify and address potential vulnerabilities in its production environment through regular assessments.
Compliance and Security
Fize is building the infrastructure that powers best-in-class insurance experiences. Deliver delightful, intelligent and frictionless insurance services, trusted by leading insurance innovators.
We are SOC II Type 2 Certified, following strict information security policies and procedures.
Our infrastructure is continuously monitored for security and compliance.
We keep your data encrypted every step of the way. We use 256-bit AES encryption at rest and TLS 1.3+ in transit.