We’re excited to announce that Forbury has joined forces with Altus Group, a leading provider of asset and fund intelligence for the global commercial real estate industry - learn more here
US
Welcome! You’ve landed on our US website. If this isn’t right you can change regions below or click above any time.

Change to EMEA or APAC

Security 

Last reviewed: January 2024

 

Security at Forbury

Safeguarding information security is at the heart of Forbury’s operations. Our comprehensive Information Security Management System (ISMS) spans all data, systems, employees, and service providers. This system is integral to our daily functions and successful business performance. We maintain privacy, integrity, and accessibility of data through strong security policies, procedures, and risk assessments. Information Security is a shared responsibility across the entire team.
We also recognize the importance of partnerships with key organizations like Microsoft, our primary hosting partner. For details on Microsoft’s security protocols, visit their information security page Microsoft Business Security.
Protecting your Content

Protecting your Content

Hundreds of customers trust Forbury with their data, a responsibility we take very seriously. We maintain strong administrative, technical, and physical safeguards to ensure the security, confidentiality, and integrity of our customers' information.

Data Security

Data Security

We prioritize the confidentiality and integrity of our customer's data with industry best practices. Our databases, hosted in Microsoft Azure data centres, utilize at-rest encryption including Transparent Data Encryption (TDE) for Azure SQL Database, securing stored data from unauthorized or offline access. For Microsoft Azure’s security details, see their official pages.

Data Accessibility

Data Accessibility

Access to confidential data is strictly controlled. It is available only to the individual who uploaded it or to team/fund members with explicit permission. Forbury Sharing allows data sharing with approved third parties, as per user settings. Our employees access data through individually secured logins, with one-way encrypted passwords, Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for enhanced account security.

Server and Data Storage

Server and Data Storage

We utilize Microsoft Azure Data Servers in Australia, with geo-replication for backup, and secure data storage. Our Portal’s encrypted database adheres to the highest standards of data protection.

Data Handling

Data Handling

Our data collection is minimal, transparent, and user-centric, offering data sharing choices. Forbury does not share or sell your data, nor do we use it for benchmarking or data mining. In the event of discontinuation of our services, we can permanently delete all sensitive data related to you upon request. The table below shows your options when sharing your data with us:

We collect your data for: Why do we collect your data? Does this require your data to be stored? How can your data be removed?
Model Calculations Product development, error detection and testing No Calculation logs can be removed by requesting Forbury
Backup and Restore Enable the ability to migrate inputs into new models Yes Users can delete uploaded data
Portfolio Reports Consolidate property information and the ability to refresh reports with latest information Yes Users can delete uploaded data
Sharing To facilitate the transfer of data to nominated 3rd party users Yes User can delete uploaded data. Receiving parties may hold your data in our system
Sale Evidence To provide a sale database service with comparison and report functionality Yes Users can delete uploaded data
Activity Logs Audit, support, records Yessssssssssssssss Cannot be removed

 

Outsourced Partner Security

Outsourced Partner Security

We ensure secure and accurate operation of information processing through partnerships with reputable third parties and outsourced partners, underpinned by formal contracts and strong Service Level Agreements (SLAs). These agreements cover service quality, security, and response strategies for disruptions or incidents. A key partner is Microsoft Azure, providing infrastructure and services like automated threat detection and data retrieval, all compliant with various regulations.

Encryption and Password Management

Encryption and Password Management

We use Microsoft Azure Security Services for encryption of data at rest and protect data in transit between Forbury software and servers using HTTPS using 256-bit TLS encryption. Password security is managed through the ASP.NET Core Data Protection framework with one-way encryption and multi-factor authentication enforced. Passwords require lowercase, uppercase, non-alphanumeric and digit characters, with a minimum length of 8 characters. After 5 failed attempts user accounts are locked for 10 minutes.

Data Management

Data Management

Our data is categorized as Public, Sensitive, or Confidential, with strict access based on 'least privilege.' Suppliers are thoroughly monitored, personal data collection is limited, with data stored securely in Microsoft Azure. Our Access Controls, Acceptable Use Policy and Customer Data Management strategy ensures our adherence to ISO 27001:2013 compliance including OAuth 2.0 authentication, responsible asset usage, secure handling and encryption of customer information, with options for anonymization or deletion. Regular compliance checks and secure disposal of hardware are key aspects of our data management system.

Service Reliability

Service Reliability

Our risk management, coupled with our strong remote work infrastructure, proactive monitoring with Azure's storage solutions, and resilient backup strategies enables us to provide reliable, secure services for our customers.

Business Continuity

Business Continuity

Our Business Continuity Plan, proven during the COVID-19 pandemic, includes remote work infrastructure and communication protocols. We proactively monitor and address service issues with our automated performance detection system, using Azure's storage solutions for secure and recoverable data management.

Backup Strategies

Backup Strategies

Our data protection strategy includes maintaining a continuously updated, geo-replicated database, and regular backups. This ensures minimal downtime in case of regional service disruptions. Should a database issue arise, we swiftly switch operations to our replicated database, until the primary database is restored. 

Risk Management

Risk Management

Our risk management protocols follow ISO 27001 guidelines. We continuously identify, evaluate, and mitigate business risks through methods like risk assessments and audits, ensuring that our services remain reliable and secure.

Code Security

Code Security

Adhering to ISO 27001:2013 standards, we ensure top-tier code security through secure development, mandatory security training, and strict incident management, aligning with global data protection regulations.

Secure Development

Secure Development

Our Technical Change Management System and adherence to OWASP guidelines ensure secure, high-quality code development techniques with regular code reviews and conducting comprehensive automated testing to ensure code development and security. Our software development lifecycle embeds security at every stage, from strategic planning and agile development to controlled releases and ongoing enhancement.

Security Training and Protocols

Security Training and Protocols

Ensuring comprehensive security coverage is important to us, we invest in regular security training, phishing attack identification and simulation tests for all employees. Regular vulnerability scanning, penetration testing and incident simulation testing are conducted. We ensure high network and computer system security in partnership with our IT Service Provider by implementing software monitoring, patching, data backup and recovery, and real-time monitoring for data breaches.

Confidentiality

Confidentiality

Strict confidentiality standards are maintained by all personnel, including employees and contractors, who are expected to adhere to these standards, ensuring the secure handling of sensitive information and intellectual property.

Security Incident Management and Data Breach Response

Security Incident Management and Data Breach Response

At Forbury, we manage security incidents in line with ISO 27001 A.16.1. We actively monitor server traffic, unauthorized access and maintain detailed logs for both breach management and legal compliance. Security Incidents or Data Breaches are managed by our Security Incident Recovery Team (SIRT), engaging all team members and third parties as applicable.

Our Data Breach Response Plan focuses on quick containment, assessment, and response to data breaches, aiming to minimize harm. The SIRT lead handles investigation and risk assessment and informs senior management. Containment steps are taken immediately, and if necessary, services are interrupted. After containment, the breach is assessed and reported to relevant parties, including legal authorities, and affected individuals, The plan emphasizes evidence preservation and a post-resolution review to improve future responses.

Compliance

Compliance

We comply with privacy and data protection regulations in the European Union, Australia and New Zealand. Our approach includes legal and regulatory adherence, with detailed information about Privacy Policy on our website.

ISO Certification

ISO Certification

Forbury’s ISMS is ISO 27001:2013 certified, reflecting our commitment to best practice security controls and information risk management.

mark-of-trust-certified-ISOIEC-27001-information-security-management-black-logo-En-GB-1019-300x152

 

Report a Security Issue

Report a Security Issue

If you detect a security issue, please report it here for review.

‍If you have any further questions, please email us.

inlineCTA-bg
hello

Prefer to talk to a real person?