The Top 5 Fulcrum Data and Security Questions: Answered
Navigating the complexities of data and security can be daunting. We've gathered the five most frequently asked questions on this topic and tapped our CTO, Jon Gregorowicz, and James Santiago, an engineer and Cybersecurity Adjunct Professor at the University of Texas in San Antonio, to provide expert insights on Fulcrum's approach to data storage and security.
1. Is my data secure in the cloud?
When looking at cloud data security, it is important that data is both encrypted at rest and in transit.
What does it mean for data to be encrypted at rest? In transport?
Data encrypted at rest means it is encrypted when transmitted from one system to another. Data encrypted in transport means data is encrypted on the hard disc of a computer storage device.
Fulcrum takes data security seriously, ensuring data is encrypted both at rest and in transport. By hosting our services on Microsoft's Azure Cloud platform, we leverage the same high-security standards used by major companies like Dow Chemical, Airbus, 3M, and Toyota. Azure Cloud provides a secure, resilient, and highly available environment — ensuring data is accessible to authorized users when needed.
2. Who owns and has access to my data?
At Fulcrum, you own your data. We do not sell it to third parties, and if you ever leave Fulcrum, we will provide an export for you. Access control is primarily managed by you, with customizable roles and permissions within the system. Fulcrum employees may access data for training or diagnostic purposes, but only when necessary.
3. How long is data stored, and are there backups?
Fulcrum supports various data retention policies, whether driven by internal compliance requirements for ISO 9001 or industry standards like AS9100. We take backups of databases on hourly, daily, weekly, and monthly cadences to ensure data integrity and availability, even in cases of accidental deletion.
4. Do you support ITAR-compliant manufacturers?
Yes, Fulcrum supports ITAR-compliant manufacturers working with defense contractors, the DOD, or defense manufacturing. We host ITAR-compliant sites in Azure's Gov Cloud, a secure environment similar to the public cloud but with added ITAR and FedRAMP compliance benefits.
5. What about Cybersecurity Maturity Model Certification (CMMC)?
CMMC is an increasingly important requirement for manufacturers, particularly those seeking contracts with the Department of Defense. This certification model mirrors ISO 27001 and NIST 800 series certifications. Fulcrum provides the necessary artifacts, data, logs, and representations to help clients achieve or maintain various CMMC certification levels.