How do we protect your data?
- SOC 2 Type 2
FiscalNote offers SOC 2, Type II audit, or Service Organization Control 2 engagement, and renews this on a yearly basis. SOC 2, Type II is an audit of a service organization’s overall security. To receive this certification, a third-party auditor performs tests of operating processes to validate that all necessary security controls are in place and operating effectively. SOC 2, Type II is safer, more secure, and provides stricter safeguards for sensitive client information than SOC 1 or SOC 2, Type I.
FiscalNote offers Security Assertion Markup Language, or SAML, authentication. SAML is a protocol that allows us to use your company’s secure authentication when logging into our software platform. This system allows users to use single sign-on (SSO) in conjunction with GSuite or Active Directory, centralizes user account control, ensures another layer of security that prevents unauthorized log-ins, lowers the risk of a breach or hack, and centralizes user account control.
The General Data Protection Regulation (GDPR) is a regulation in the EU on data protection and privacy. We collect and process personal data of European public officials from publicly available sources which can be used by our customers to gain an understanding of legislation, regulations and their status, as well as the methods for contacting public officials.
We only process personal data for legitimate business purposes. These purposes include but are not limited to: feeding the platform with relevant information regarding European public officials to provide our clients with a useful tool; keeping the information regarding European public officials on the platform accurate and up to date.
Read more on our Fair Processing agreement here.
- Dedicated Security Personnel
FiscalNote has a dedicated IT Security team to ensure our organization is staying on top of all the latest security best practices and ahead of any potential issue that could impact our clients. They are responsible for protecting IT infrastructure, networks, and data and implementing security standards across all of our solutions.