All API connections and web portals are secured by TLS, SSL, and HTTPS (Secure Socket Layer). TLS refers to the process of securely transmitting data between the client—the app or browser that your customer is using—and your server. This was originally performed using the SSL (Secure Sockets Layer) protocol. However, this is outdated and no longer secure, and has been replaced by TLS. The term “SSL” continues to be used colloquially when referring to TLS and the functions to protect transmitted data.
Data is backed daily up via Amazon S3 servers, and RDS instances every 24hours with incremental 15min backups of the database. In addition, database and documents are replicated offsite to Google Cloud Storage on a daily basis.
AWS Data Center Certifications
AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015.
User Password Policy
Users of the FreightWise's web, desktop, and mobile applications (excluding API access) are required to use at least six (6) character passwords and are encouraged to change such password frequently. The username is a unique email address that has to be validated and "deliverable" in order to set a password and gain access to the FreightWise's applications. Each user's password is encrypted by SHA-1 with 10K iterations and user's unique salt.
Along with defining HTTP's authentication framework, RFC 2617 also defined the Basic and Digest authentications schemes. These two schemes both use usernames and passwords as credentials to authenticate users at FreightWise.
Security Breach Response
Data Security Officers (generally the CIO) must report any known security breach or any other incident that is likely to cause a security breach. These incidents include thefts of computer devices, viruses, worms, or computer "attacks" that may lead to unauthorized access to confidential information. Immediately upon becoming aware of a likely security breach, the CIO shall notify ALL partners of FreightWise, LLC.
The CIO shall conduct an investigation. The partners shall determine what, if any, actions FreightWise, LLC. is required to take to comply with applicable laws, including whether any notification is required under Tennessee law.
The partners and CIO shall work with other administrators as appropriate to ensure that any notifications and other legally required responses are made in a timely manner. If the event involves a criminal matter, FreightWise, LLC. shall notify the police and shall coordinate its response with the partners of FreightWise, LLC.
FreightWise, LLC. reserves the right to monitor network traffic, perform random audits, and to take other steps to insure the integrity of its information and compliance with this policy and related company policies. Violations of this policy may lead to appropriate disciplinary action, which may include temporary or permanent restrictions on access to certain information or networks. Willful or repeated violations of this policy may result in dismissal of Clients, 3PLs, and Carriers from FreightWise, LLC's applications, API access, and/or other data-feeds.
Notes / Links:
For details on data retention policies please review here: FreightWise Data Retention Policy