FilmTrack
TRUST CENTER

locked bank safe

FilmTrack Trust and Compliance Information

At FilmTrack, data privacy and security are priority.

What's included in the Trust & Compliance documentation?

Compliance

Data Security

Privacy Policy

Incident Management

Business Continuity

Threat Management

Subprocessor List

Compliance

Last Updated 6/1/23

SOC 1 Type 2

FilmTrack undergoes an annual SOC1 Type 2 audit.  The latest audit report was published in December 2022. The audit period for these reports is November 1, 2021, to October 31, 2022, and they should be considered current through December 2023.

SOC 2 Type 2

FilmTrack undergoes an annual SOC2 Type II audit.  The latest audit report was published in December 2022. The audit period for these reports is November 1, 2021, to October 31, 2022, and they should be considered current through December 2023.  

The report covers Trust Services Principles Security and Availability set forth in 2017 Trust Services Criteria for Security and Availability (AICPA, Trust Services Criteria) for FilmTrack’s Software as a Service (SaaS) platform.

CCPA

To learn about California Resident Rights, view Privacy Page

Data Security

Last Updated 5/31/23

Data Encryption In-Transit

Data is protected in transit using HTTPS, TLS 1.2, TLS 1.3

Data Encryption At-Rest

Data hosted by FilmTrack (AWS) is encrypted using industry standard AES-256 encryption algorithm.

Privacy Policy

Last Updated 5/31/23

Privacy Policy      Privacy Policy

Incident Management

Last Updated 6/1/23

Data Breach Notification

In the event of an attack, threat, or suspected breach of security against FilmTrack’s or its IaaS vendors’ data center, FilmTrack will use all reasonable commercial efforts promptly to notify Customer upon determination of the identity and impact of the breach.

Incident Response Plan

Incident Response policy and procedures define areas of responsibility and involves the progression through the Incident Management Lifecyle stages:

  • Preparation 
  • Detection and Analysis 
  • Containment, Eradication, and Recovery 
  • Post-Incident Activity 

Business Continuity

Last Updated 6/1/23

Business Continuity Plan

Business Continuity plans are documented and updated annually. The plan ensures that assets and personnel are protected and establishes the recovery process in the event of a disaster.

Data Backups

FilmTrack offers fully automated, encrypted and complete hourly and daily backups on all FilmTrack Production environments and Customer Data. Reliable backups and quick recovery are a key component of effective data protection practices, and essential in the event of a data disaster.  All backups will be stored in alternate Amazon Web Services (AWS) regions.  

Threat Management

Last Updated 6/1/23

Vulnerability Scanning

On a continuous basis, vulnerability scans are performed to detect vulnerabilities in Filmtrack’s application, cloud infrastructure and operating systems.

Penetration Testing

Annually, third-party penetration testing is performed. Management addresses vulnerabilities identified based on severity level and findings are tracked until resolution. Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) are performed.

DAST

Dynamic Application Security Testing is performed on a continuous basis.

SAST

Static Application Security Testing is performed on a continuous basis to analyze source code and identify security vulnerabilities before the code is compiled.

Subprocessors List

Last Updated 4/6/23

FilmTrack is a data processor and engages Subprocessors that may process personal data submitted to the FilmTrack service by the controller.

FilmTrack shall not engage any Subprocessors for the performance of any part of the Services without notifying Customer.  To the extent such a Subprocessor is so engaged and is or will be provided with Customer’s Personal Data in connection with its performance of the Services, FilmTrack will conduct appropriate due diligence on such Subprocessor to confirm that such Subprocessor can comply with the requirements of this Addendum.  FilmTrack will bind each such Subprocessor by written contract to obligations substantially similar to those owed by FilmTrack to Customer under the Agreement.

These Subprocessors are listed with a description of the service.  This list may be updated by FilmTrack.

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, and analyze site usage. View our Privacy Policy for more information.