SECURITY
When you share files and feedback by email, you lose control over who sees what. Filestage changes that with one secure space to manage approvals.
Filestage keeps your data private and safe by following strict international regulations.
We proudly hold a CSA STAR Level One attestation, demonstrating our commitment to cloud security best practices. This assures you of our rigorous adherence to privacy and security standards and transparency in protecting your data.
We respect your privacy and commit to protecting your data by being GDPR-ready. Rest assured that our robust safeguards and transparent practices meet stringent European data protection standards.
We’re certified against ISO/IEC 27001:2022 and undergo annual audits to maintain compliance. This rigorous certification ensures top-tier security practices and continuous protection for your data.
Our standard SLA offers a monthly uptime rate of 99.1%, while our Enterprise SLA uptime rate is 99.9%.
Our platform is hosted on AWS EU data centers. This offers unparalleled reliability, scalability, and compliance with industry best practices. With AWS’s secure and resilient cloud environment, your data is protected and accessible when you need it.
Benefit from the latest advancements in secure data transmission, TLS 1.2 and 1.3. This lets you enjoy faster and more reliable connections, while ensuring that data sent to our servers is safeguarded against eavesdropping and tampering.
Enjoy peace of mind knowing we shield your sensitive information with one of the industry’s most robust encryption standards, AES 256. This ensures that data stored on our servers remains private and secure.
Rest easy knowing our platform undergoes annual penetration testing to identify and address vulnerabilities. This proactive approach allows us to consistently protect your data against emerging threats and security risks.
Set a secure password in line with security best practices
Passwords are a minimum of eight characters and are encrypted to protect your users’ data.
Sign up and log in securely with OAuth or federated SSO
Authenticate team members faster with Google SSO, SAML, OpenID Connect, and more.
Choose exactly who you want to see your content
Only the reviewers you invite by email will be able to see and review your files.
Stop stakeholders from sharing review links with teammates
New reviewers will have to request access before they can see your content.
Keep sensitive files secure with custom roles and permissions
Use role names that make sense for your organization, then assign them to team members to control their access.
Restrict actions based on your files’ review statuses
Pause comments between review rounds or prevent downloads until files have been approved.
Make reviews extra secure by verifying users and approvals
Give reviewers the option to “Approve and sign” content in line with FDA 21, CFR Part 11, and EU Annex 11 regulations.
Anonymize reviewers to protect stakeholders’ identities
Make content reviews transparent and collaborative without revealing stakeholder’s personal data.
Make it easy to go back and check who approved a file
Download a PDF report for each file, including every comment, change request, and approval across all reviewer groups.
Get a log of your organization’s Filestage activity
Reach out to our customer success team for your log, or use our public API to access this data at any time.
Where is Filestage hosted, and where will my data be stored?
Our platform and your data are hosted in two availability zones (i.e. data centers) in Frankfurt, Germany. In addition, we temporarily deliver uploaded media files worldwide via a content delivery network (CDN) for optimal performance.
How do you manage vulnerabilities and their patches?
We maintain a Patch and Vulnerability Management Policy. This is supported by a procedure for performing periodic vulnerability scans and penetration tests, and prioritizing vulnerability remediation based on risk levels.
How do you manage changes to your platform?
We maintain a Secure Change Management and Development Policy and Secure Software Development Life Cycle. This makes sure that changes are requested, authorized, reviewed, and approved before deployment to production. During review, we assess privacy and security controls against industry best practices such as OWASP Top 10.
How do you manage business continuity and disaster recovery?
We maintain a Business Continuity and Disaster Recovery Policy supported by a procedure for regaining uptime and recovering data from our backups.
How do you manage incidents?
We maintain an Information Privacy and Security Incident and Breach Management Policy. This is supported by a procedure for detecting and reporting incidents, assessing incidents and deciding on a course of action, responding to and recovering from the incident (i.e. implementing the decided course of action), notifying affected parties, learning from the incident, and maintaining evidence of the incident, actions taken, and lessons learned
Does Filestage offer a Data Processing Agreement (DPA)?
We’ve incorporated our DPA into our Master Services Agreement (MSA), so you don’t have to sign it separately. But if this is a requirement from your organization, our Sales team will help.
Does Filestage make use of third parties (i.e. sub-processors)?
At Filestage, we embrace remote working. This means we’re a fully-remote and globally-distributed team that leverages third-party cloud services providers (CSPs) for our products (i.e. hosting and delivering our application, app.filestage.io). We understand that using third-party CSPs carries an element of risk. That’s why we have a robust third-party privacy and security risk management program. As part of our program, we assess each subprocessor’s privacy and security practices before using their services. This assessment includes reviewing their information security management systems and data processing agreements (DPAs). We prefer sub-processors who are GDPR-compliant and certified against industry best practice standards such as ISO 27001. In addition, and where required, we enter into DPAs with each sub-processor.
