Frequently asked questions - Security

You’ve got questions about forms2 and we’ve got answers! Here are some frequently asked questions our team members have put together to help you understand a little more about what we do here.

Yes. Our servers are constantly updated and patched by Microsoft automatically via their Azure service.

We subscribe to services that conduct automated penetration tests monthly using industry-standard security tools and services.

Yes, we utilise various security services to provide regular system security audits. Customers can also contact us to conduct penetration testing as desired to meet their requirements.

Yes, we use Windows and Chrome computers with auto-updating of operating systems and antivirus enabled.

We run a broad spectrum of monitoring tools, supplemented by notifications and alerts provided by Azure. This includes intrusion detection and email confirmations of network access.

We do not store PCI data, but network segmentation is employed based on Azure’s default configurations in this respect. Refer to Microsoft’s STAR self-assessment details found here:

https://cloudsecurityalliance.org/star/registry/microsoft/

Yes, this is inherited from Azure’s default infrastructure zoning. Refer to Microsoft’s STAR self-assessment details found here:

https://cloudsecurityalliance.org/star/registry/microsoft/

Yes. All firewalls and load balancing facilities are provided by Microsoft’s Azure platform. Refer to Microsoft’s STAR self-assessment details found here:

https://cloudsecurityalliance.org/star/registry/microsoft/

We require a minimum of 6 characters in passwords on our basic password management level. OWASP and NIST SP 800-63-3 password policy options have been available since May 2018 for all customer accounts.

Customers can also implement their own choice of strength requirements by creating users & passwords through our APIs and turning off user password change functionality in the app.

Some shared accounts are employed based on access role; otherwise, employees have their own dedicated accounts.

Clients have no access/accounts as mentioned above.
