Network and application security
Data Hosting and Storage
4U services and data are securely hosted in Amazon Web Services (AWS) facilities located solely in the USA, specifically in the us-east-1 (Northern Virginia) and us-west-2 (Eastern Oregon) regions. 4U Platform does not use any regions outside of the USA for services or data or for any other purposes.
Virtual Private Cloud
All of our infrastructure resides within our own virtual private cloud (VPC) on AWS, utilizing both the East and West regions. We leverage AWS services (including PaaS, IaaS, and FaaS) to ensure security, scalability, and reliability of the 4U Platform. Our VPC is protected by network access control lists (ACLs), which prevent unauthorized requests from reaching our internal network.
Failover and DR
4U infrastructure and data are spread across multiple AWS availability zones and will continue to work should any one data center fail. Data is continuously backed up and separately stored.
Additionally, in the event of a catastrophic AWS failure, we can fail over from the us-east-1 region on the East Coast to the us-west-2 region on the West Coast.
Monitoring and Alerting
On an application level, we produce audit logs for all activity, which flow to AWS CloudWatch for analysis and archival purposes. All activity taken and changes made within AWS infrastructure and the 4U application are logged.
Permissions and Authentication
Access to customer data is strictly limited to authorized employees who explicitly require it for their job and who are explicitly permissioned by a 4U customer. 4U is served 100% over HTTPS. We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on AWS and MS365 to ensure access to cloud services is protected.
Encryption
Production data is always encrypted both in transit and at rest. We require TLS 1.2 encryption for all production data in transit and AES-256 secret-key encryption for data at rest. We only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.
Key Management
Policies and procedures have been implemented to secure encryption keys throughout the key lifecycle. Encryption keys are generated using AWS Key Management Service, a FIPS 140-2 Level 2 overall validated Hardware Security Module, and rotated annually. Tenant-level, Company-specific encryption keys are utilized for Company-specific (non-shared) data.
Vulnerability Scanning
4U uses third-party security tools to scan for vulnerabilities in application code as well as our deployed application.
We engage an independent third-party firm to perform Network and Application Penetration Testing annually.
Any identified issues are evaluated and appropriately addressed in a timely fashion based on the severity level.
Incident Response
4U implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post-mortem. All employees are informed of our policies and our procedures are tested at least annually.
Product security
Allow listing
Each company can administer specific IP addresses or ranges for allow listing access by their users to corporate networks.
SSO
SAML 2.0 Single Sign-on (SSO) is available to authenticate users in your own systems without requiring them to enter additional login credentials.
Permissions
We enable permission levels within the app to be set based on Company Roles and Product Team. Company Administrator privileges are required for users to add or modify permissions or other Company Settings.
Additional Security features
Training
All employees complete Security and Awareness training annually.
Policies
4U has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Employee Vetting
4U performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.
Confidentiality
All employee contracts include a confidentiality agreement.
Security questions?
If you have additional questions or need additional information, please reach out to us at security@4uplatform.com.
Learn more about 4U Platform by reading our Terms of Use and Privacy Policy.