Security is a Differentiator

Giving your firm and your clients peace of mind makes the difference.

At First Rate, Security is a Differentiator! The necessary measures to ensure data security should never be overlooked. We are focused on the right kind of defense, so you can rest assured that your data is safe and protected.

Infrastructure Security

Protection is our first line of defense. First Rate has implemented numerous security measures and processes to protect our systems.

  • SELF-HOSTED INFRASTRUCTURE: We host and maintain the entire application and supporting infrastructure in a highly resilient, independently audited data center with primary and secondary data centers in place to replicate data daily and ensure application resiliency.
  • NETWORKING FIREWALLS: We employ next-generation firewalls with intrusion detection and prevention modules actively monitoring all infrastructure traffic in order to identify any potential threats and address them in a timely manner.
  • ACCESS CONTROL: We focus on secure, federated access control tools to manage all user and customer access to the application and supporting systems, including multi-factor authentication with complex passwords and extensive, white-listed access controls lists.
  • VULNERABILITY SCANNING: First Rate runs monthly vulnerability scans on all external-facing servers to identify and resolve potential vulnerabilities.
  • ENCRYPTION: All traffic from the First Rate applications through the entire infrastructure is encrypted in transit. In addition, all data is encrypted at rest in our databases using industry-recommended AES-256 bit encryption keys.

Security Oversight

First Rate has controls in place to regularly review and monitor all of our security measures and systems to make sure we are focused not only on protection, but also on oversight.

  • MONITORING: Always-on monitoring tools are used to identify system health, data throughput issues, potential intrusions, and unusual activity, etc.
  • TRAINING: All First Rate employees undergo regular cyber security awareness training to make sure data and systems are kept safe.
  • ANNUAL AUDITS: All security systems undergo audit measures under both the SOC 2 – Type 2 and ISO 27001 standards. For the past five years, First Rate has received outstanding audit results.
  • GOVERNANCE: First Rate employees implement an Information Security Management System (ISMS) to identify security trends, concerns, and any recent compliance activity.
  • PENETRATION TESTING: First Rate’s application and infrastructure undergoes independent penetration testing annually. We have static code scanning against the most common (OWASP Top 10) application vulnerabilities.
  • CHANGE MANAGEMENT: We focus on the segregation of duties and ensuring robust Quality Assurance. Our developers do not have access to live customer data, unless it has been explicitly granted by an individual customer. Developers do not have the ability to promote code themselves, ensuring that it must go through First Rate’s robust change management controls, including independent code review and various levels of automated and manual QA testing.