Data security within Folgo
This article answers the question: "Can I trust Folgo with my data?" The answer is an emphatic yes. Folgo has been selected among the “Recommended for Google Workspace apps” (you will find more information about what this means here: 2023 recommended for Google Workspace apps). To get this recommendation we had to undergo a rigorous CASA assessment (you can find more here: CASA Tiering | App Defense Alliance) at the highest level of assurance in the CASA framework. This proves that Folgo keeps users’ (your) data safe by verifying that we have the capability to handle data securely.
CASA Tier 3 Assessment
To get the recommendation, it is not enough to pass a CASA assessment: you need to meet the highest requirements, which means CASA Tier 3.
This assessment checks the application deployment infrastructure and any user data storage location for compliance with all CASA requirements. This demonstrates capability in handling data securely.
To maintain the highest level of data security, Folgo needs to undergo this CASA Tiering assessment on an annual basis. This process is called the CASA Tiering Reassessment, also known as Annual Recertification.
A prominent security firm, Prescient Security, rigorously audited Folgo in April 2023, making sure that it indeed met all the requirements.
What does the CASA Tier 3 assessment include?
The CASA framework includes requirements for both functional and non-functional security controls. Functional security controls are those that protect the application from unauthorized access, data breaches, and other malicious attacks. Non-functional security controls are those that ensure the application is reliable, scalable, and performant.
The CASA Tier 3 assessment is a comprehensive evaluation that includes:
Application Penetration Testing: the assessor will identify potential vulnerabilities in the application that accesses user data.
Deployment Review: the assessor will identify potential vulnerabilities in the infrastructure deployment that could compromise user data.
Policy and Procedure Review: the assessor will review and examine the information security policies and procedures provided via the Self-Assessment Questionnaire (SAQ).
In addition to these three activities, the assessor may also conduct other security assessments, such as:
Threat Modeling: Identification of potential threats to the application and infrastructure.
Security Architecture Review: Review of the application and infrastructure security architecture.
Vulnerability Management: Assessment of the application and infrastructure vulnerability management process.
HECVAT (Higher Education Community Vendor Assessment Tool)
The HECVAT assesses the information security, privacy, and data protection practices of our platform. It is widely used by universities and other institutions to evaluate the risks of working with third-party vendors like Folgo, ensuring we meet the rigorous standards necessary to handle sensitive information.
Data Access
When you install Folgo on your Google account, you will be prompted to authorize several kinds of access. Those authorizations will only be used to perform the service you request from the add-on you have installed.