• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Foundant Technologies

Foundant Technologies

  • Home
  • Solutions
    • For Community Foundations
      • CommunitySuite
      • Grant Lifecycle Manager
      • Scholarship Lifecycle Manager
    • For Grantmakers
      • Grant Lifecycle Manager
    • For Scholarship Providers
      • Scholarship Lifecycle Manager
    • For Nonprofits
      • NonprofitCore
      • GrantHub
  • Resources
    • Resources
      • Blog
      • Podcast
      • Coffee Talks
      • Client Stories
      • Compass Community
    • Topics
      • Connected Philanthropy
      • Resilient Philanthropy
      • Capacity Building
      • Maximizing Impact
      • Nonprofit Support
      • Data Management
      • Technology
      • Crisis Response
      • Collaboration
    • On-Demand Webinars
      • For Grantmakers
      • For Community Foundations
      • For Scholarship Providers
      • For Nonprofits
  • Events
  • About Us
  • Contact

Security

Data security and reliability is top priority at Foundant Technologies, and we know it is for our clients as well. That’s why we apply industry-leading practices across the organization to keep client information safe. To achieve this we use the proven, tested, best-in-class security tools, technologies, practices, and procedures described below. 

Compliance 

Soc 2 Type 2 audited
We are  Service Organization Controls 2 (SOC 2) Type 2 audited and third-party evaluator certified by The American Institute of CPAs (AICPA). This audit uses the Trust Services Principles, published by the AICPA, to evaluate the effectiveness of a service organization’s controls with respect to security.

PCI
Confidential payment data is not processed or saved on Foundant systems. 

Hosting Environment and Physical Security 
We use Amazon Web Services (AWS) hosting, selected for their high standards of data center security. Learn more about AWS security here: aws.amazon.com/security/ 

Network Security 
All Foundant applications are only accessible over secure channels using HTTPS and the latest TLS ciphers.  Traffic over HTTPS is encrypted and is protected from interception by unauthorized third parties. Foundant follows current best practices for security, including the use of strong encryption algorithms with a key length of at least 128 bits. 

Foundant’s multi-tier architecture segregates application systems from the public Internet. Public traffic to the website passes through a Web Application Firewall (WAF) and then is routed to application systems running on private subnets.  
 

Authentication 
Clients log in to Foundant using a password which is known only to them. Password length, complexity and expiration standards are enforced. Passwords are not stored; instead, as is standard practice, only a secure hash of the password is stored in the database.  

Users can optionally configure their accounts to use Two-Factor Authentication, by means of an authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy. Users are also automatically logged out of their session after a period of time.  

Application Development and Testing 
Privacy and security considerations are integral parts of our comprehensive software development lifecycle.  

Development staff receive regular training on Secure Coding Practices, including avoidance of the OWASP Top Ten Web application vulnerabilities. 

Penetration testing of the website is regularly conducted by a qualified third party. In addition, regular internal vulnerability scans are conducted. 

Data Privacy 
Please see our privacy policy, which details the types of personal information we collect, our handling of this information, and our customers’ privacy rights. 

Transaction Data Retention, At-Rest Protection, Data backups and retention 
All data stored in the Foundant system is encrypted at rest.  Data backups are taken and stored every 6-24 hours.  Data backups are stored in a separate AWS region where possible and a separate AWS availability zone where that is not possible. 

High Availability 
Our Business Continuity and Disaster Recovery program includes not just measures to ensure the high availability of Foundant’s IT assets, but also contingency planning for natural disasters and other possible disruptions. IT measures are used to ensure high availability include running Foundant services in multiple redundant cloud Availability Zones and replication of the application database to a standby system. 

Current system status and recent uptime statistics are continuously available at https://foundant.statuspage.io/. 

Incident Response 
We have deployed a variety of security and monitoring tools for our production systems. There is 24×7 monitoring of the security status of its systems and automated alerts are configured for security and performance issues. 

While we don’t anticipate there ever being a breach of our systems, Foundant has put in place a Security Incident Response Plan which details roles, responsibilities and procedures in case of an actual or suspected security incident. 

Our Organization 
All full-time team members are subject to background checks that include one or more of the following: criminal history, education, and current and past employment. In addition, Foundant maintains an information security training program that is mandatory for all employees. 

Data Security Statement (Last revision 5/27/2021)

Footer CTA

Want to Learn More?

Talk to a team member to learn how Foundant can help maximize your organization’s impact.

Contact Us

Footer

Solutions

  • For Community Foundations
  • CommunitySuite
  • Grant Lifecycle Manager
  • Scholarship Lifecycle Manager
  • For Grantmakers
  • Grant Lifecycle Manager
  • For Scholarship Providers
  • Scholarship Lifecycle Manager
  • For Nonprofits
  • NonprofitCore
  • GrantHub

Resources

  • Events
  • Blog
  • Podcast
  • Coffee Talks
  • Client Stories
  • Support Hub
  • Compass Community

About Foundant

  • About Us
  • Our Team
  • Careers
  • Partners
  • News and Press
  • Contact

Foundant Technologies, Inc.
143 Willow Peak Drive
Bozeman, MT 59718
(877) 297-0043

Subscription Preferences

For Funders
facebook linkedin twitter instagram

For Nonprofits
facebook linkedin twitter

© 2023 Foundant Technologies, Inc.  |  Privacy |  Security