FilmTrack undergoes an annual SOC1 Type 2 audit. The latest audit report was published in December 2022. The audit period for these reports is November 1, 2021, to October 31, 2022, and they should be considered current through December 2023.
FilmTrack undergoes an annual SOC2 Type II audit. The latest audit report was published in December 2022. The audit period for these reports is November 1, 2021, to October 31, 2022, and they should be considered current through December 2023.
The report covers Trust Services Principles Security and Availability set forth in 2017 Trust Services Criteria for Security and Availability (AICPA, Trust Services Criteria) for FilmTrack’s Software as a Service (SaaS) platform.
To learn about California Resident Rights, view Privacy Page
Data is protected in transit using HTTPS, TLS 1.2, TLS 1.3
Data hosted by FilmTrack (AWS) is encrypted using industry standard AES-256 encryption algorithm.
In the event of an attack, threat, or suspected breach of security against FilmTrack’s or its IaaS vendors’ data center, FilmTrack will use all reasonable commercial efforts promptly to notify Customer upon determination of the identity and impact of the breach.
Incident Response policy and procedures define areas of responsibility and involves the progression through the Incident Management Lifecyle stages:
Business Continuity plans are documented and updated annually. The plan ensures that assets and personnel are protected and establishes the recovery process in the event of a disaster.
FilmTrack offers fully automated, encrypted and complete hourly and daily backups on all FilmTrack Production environments and Customer Data. Reliable backups and quick recovery are a key component of effective data protection practices, and essential in the event of a data disaster. All backups will be stored in alternate Amazon Web Services (AWS) regions.
On a continuous basis, vulnerability scans are performed to detect vulnerabilities in Filmtrack’s application, cloud infrastructure and operating systems.
Annually, third-party penetration testing is performed. Management addresses vulnerabilities identified based on severity level and findings are tracked until resolution. Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) are performed.
Dynamic Application Security Testing is performed on a continuous basis.
Static Application Security Testing is performed on a continuous basis to analyze source code and identify security vulnerabilities before the code is compiled.
FilmTrack is a data processor and engages Subprocessors that may process personal data submitted to the FilmTrack service by the controller.
FilmTrack shall not engage any Subprocessors for the performance of any part of the Services without notifying Customer. To the extent such a Subprocessor is so engaged and is or will be provided with Customer’s Personal Data in connection with its performance of the Services, FilmTrack will conduct appropriate due diligence on such Subprocessor to confirm that such Subprocessor can comply with the requirements of this Addendum. FilmTrack will bind each such Subprocessor by written contract to obligations substantially similar to those owed by FilmTrack to Customer under the Agreement.
These Subprocessors are listed with a description of the service. This list may be updated by FilmTrack.