Security

The Fraim Application is created, managed, and controlled by Fraim Pty Ltd (ACN 661 995 517) (Fraim, we, us or our).

Fraim has a critical responsibility to protect your data and keep it secure. We are committed to being clear and open about our security, and will help you understand our practices so that you can use Fraim with confidence.

Fraim’s security priority is to maintain strictly authorised customer data access. To achieve this, we undertake extensive and continuous security design, review and process implementation, all with best practice security technology.

Encryption

Data at rest. Data at rest in Fraim’s production cloud environment is encrypted with the AES-256 algorithm, using a FIPS 140-2 validated module. This applies to all data including databases, file stores, and backups. Data encryption keys are protected using envelope encryption.

Data in transit. Strong encryption protocols are used for all data transmitted from Fraim clients to the Fraim infrastructure. We support the latest recommended secure cipher suites for all data in transit, including TLS 1.2, AES-256 encryption, and SHA-2 signatures.

Data segregation. Each user organisation’s data is hosted in a shared Fraim infrastructure. We keep customers logically separated from each other. The Fraim service is hosted in cloud data centres maintained by industry-leading service providers with best practice physical protection. If you have specific data residency requirements regarding the country, region or location for storing your data at rest, contact us and we will help you with your specific needs.

Network and Personnel Security

Network access to Fraim’s production environment is heavily restricted. Only those network ports and protocols which are strictly necessary for Fraim’s service are open outside of our private network.

All workstations issued to Fraim team members are centrally managed, and comply with our standards for security. Each workstation is login-restricted, with two-factor authentication (including hardware keys where appropriate), and is monitored, updated, and tracked by best practice endpoint management solutions. Our workstation hard disks are encrypted, require strong passwords, and are locked when idle. We enforce up-to-date monitoring software to report and quarantine potential malware and unauthorised applications.

Fraim team members are trained and tested regularly with global leaders in cyber security and training. Regular auditing ensures we maintain a culture of security vigilance at all levels of the organisation. This is a priority.

Access to data systems is granted on a least-privilege basis, meaning that team members are granted only the minimum access necessary to fulfil their duties. This access is reviewed regularly.

Data Retention

Fraim permanently deletes all customer data on production systems upon discontinuation of customer accounts or per specific request.

Incident Management

Fraim has developed policies and procedures for responding to potential security incidents. In the event of a potential incident, affected customers will be informed by our team. Incident response procedures are tested and updated annually.