Security
Built-in security for your brand
Certifications
Certified against the best industry standards






All-around security
A secure platform for users and assets

Secure authentication
Frontify access rights are managed at guideline, project, and library levels in three ways: single sign-on, access request, or invitation.

User roles and permissions
Granular authorization rules let you easily manage users with customizable access request forms and time-bound permissions for teams, partners, and clients.

Antimalware protection
All uploaded assets undergo malware scanning to block harmful files. Suspicious uploads are prevented and flagged for prompt analysis by the Frontify Security Operations Center.
Network and application security
Enterprise-grade cloud security
Protection and redundancy
All enterprise customer data is protected in a virtual private cloud (VPC) with a logically separated database and dedicated file storage. Each hosting region uses multiple availability zones with redundancy to ensure critical components remain operational.
Infrastructure and hosting
AWS hosts Frontify in data centers with 24/7 on-site security staff, biometric scanning, and video surveillance. The facilities maintain multiple certifications, including ISO 27001, PCI DSS, Cloud Security Alliance Controls, and SOC reports.
Regional hosting
Enterprise customers can choose to host their data in North Virginia (US) or Frankfurt (Germany). A worldwide CDN ensures consistent application speed globally through caching.
Backup and continuity
We perform nightly backups of files, databases, configuration, and servers. Our comprehensive business continuity plan includes disaster recovery procedures, which we test at least annually.
Our security approach
Proactive vulnerability management
Development practices
Our process follows OWASP guidelines with code reviews, pair programming, automated tests, and builds focused on security and stability.
Pentesting and scanning
Daily vulnerability scans and regular penetration tests safeguard our infrastructure. Our Bugcrowd bounty program provides ongoing vulnerability management.
Patching policy
We deploy application updates daily and promptly test and install infrastructure security updates.
Incident handling and reporting
Our unified security monitoring covers all operations and services. We notify customers within 48 hours if a security breach affects their data through unauthorized access, loss, or alteration.
Data protection at the core
Security practices and controls
In-house information security

Security operations center

Access management

Employee training

Regular auditing
