28 Jun 2017

Fieldmotion is now ISO 27001:2013 compliant

in Technical Blog by Kae Verens

We signed up quite a large client a short while ago who required that we pass a few stringent business tests, including a penetration test for computer/data security, a disaster recovery plan for general business continuity, and ISO 27001:2013 for software-based business practices.

All of these serve to make Fieldmotion stronger.

The penetration test was the most interesting to me, as I’m the head of development and this was a test of how well I was doing the job. I’m glad to say that even though a few XSS (cross-site scripting) issues were found, they were so minor that I was able to have them fixed literally within minutes of becoming aware of them. They required that the “hackers” have a valid paid-for Fieldmotion license before even starting their hacks, and they would only affect viewers from within the same paid-for client account.

The disaster-recovery plan was a pain to write because of its length, but was easy to write because we already had our disaster-recovery systems in place for the most part. This was simply a process of writing down what we do as a matter of course. We are currently spread out across about 60 servers, and every system we create has redundancy and backups built in. As we like to point out, you could literally take a data-centre offline and we’d stay up and running. In fact, there was an example of this recently where one of our data-centres in the US was completely offline for almost a full day because of power supply problems, and no-one noticed except us (because we were watching the monitors!) – all data that would have come from those servers was routed from other servers instead. When the data-centre came back online, the servers in there automatically re-synced with the rest of the world and I saw it and it was good.

ISO 27001 was a months-long process to complete and I’m very glad to report that I didn’t have to write the hundreds of pages involved in it (Jerome did!). It’s a very involved document that covers things like how to handle people walking through the door into the building, little things like who is allowed to carry USB data storage devices, more strict things like making sure screens lock after a few minutes of inactivity, and how to scrub a person from the various systems if they leave the company.

The upshot from all of this is that FieldMotion is now a better fit for enterprise clients than ever before. If we’re not already talking to you about using our field service management system, then you should talk to us!