Here at Fatigue Science, our fatigue management platform Readi supports mission-critical operations for some of the most demanding organizations on earth. From global industrial firms operating in highly safety-sensitive environments, to elite military teams preparing training missions, we enable data flows that enhance performance and safety where it matters most.
In this context, it goes without saying that data security is of essential importance to our customer base. We’re proud to share that we’ve built our system to meet the most rigorous security and compliance standards that our customers require, enabling them to deploy our technology with both the requisite approvals and with confidence. Moreover, in practice, we’ve managed to achieve a powerful data security record that we’re proud to demonstrate to our customers.
In this article, we’ll look at how we managed to achieve this success, taking a closer look at Fatigue Science’s security practices in our delivery of Readi as a SaaS (Software as a Service) platform. We’ll answer some of the common questions related to the security of our underlying technology, the collection and transmission of data, and what additional security measures are taken to protect your data.
Why is a Security Strategy Important to Fatigue Science?
Fatigue Science is committed to keeping your data safe. As the leading provider of predictive fatigue analytics and human performance insights for heavy industry, elite sports, and military, we take the confidentiality, integrity, and availability of our information assets seriously. Information assets, just like physical assets, must be secured from internal and external threats.
Fatigue Science works to keep information assets secure through a layered approach of people, processes, and technology. This security strategy minimizes risk, provides resilient access to our information assets, and exceeds our regulatory obligations.
Information security is an important aspect of user privacy for ensuring the proper handling, confidentiality, accuracy, and quality of data. To maintain the security of access to information, Fatigue Science uses roles-based permissions to limit individual access to information to only those with a legitimate business need.
How Does Fatigue Science Ensure Data Security?
Encryption
Encryption is the process of translating data into secure code that can only be accessed with a matching key. Fatigue Science’s customer data is always encrypted during transit and at rest. That means that from the point that user data is collected with a ReadiBand or other wearable device such as FitBit or Garmin by the Readi fatigue management platform, to the point where it is stored in the cloud, it is always encrypted to protect user privacy.
Data Center Security
Our infrastructure is compliant with the Amazon Web Services (AWS) Well-Architected Framework. This includes a complete implementation and review by an AWS Advanced Consulting Partner. Security is a key component of this framework, including data protection.
“AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on five pillars — operational excellence, security, reliability, performance efficiency, and cost optimization — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time.”
Penetration Testing
A penetration test is a simulated cyber attack against a targeted computer system to evaluate its security. During this process, an auditor looks for a system’s vulnerabilities to attack. Fatigue Science completes annual penetration testing in compliance with the Open Web Application Security Project’s Application Security Verification Standard. Customers can also request a copy of our independent third-party penetration testing results.
Application Security Risk Assessment
We have completed a comprehensive Application Security Risk Assessment. This goes beyond traditional penetration testing and includes an active third-party review of engineering practices and procedures, security design review, and threat modeling that encompasses the entire software development lifecycle.
What Security Features Does Fatigue Science Employ to Foster Trust?
Proactive Real-Time Monitoring
Fatigue Science uses verified and trusted third-party tools to provide real-time vulnerability monitoring of our cloud systems. Through continuous monitoring of these systems, we can ensure the security and availability of data, as well as catching any issues or failures before they impact our customers.
Security Scanning
Beyond annual penetration testing, we routinely scan all environments and all upcoming software releases for security vulnerabilities using industry-leading third-party security software, Qualys.
What Are Some Other Ways that Fatigue Science Builds Trust?
To ensure the transparency of our responsibility to our customers, Fatigue Science has clearly communicated Terms of Use and Privacy Policies that adhere to best practices of user privacy. These policies ensure that every user has consent over the collection of their data, and how their data is used.
Information security is an important aspect of user privacy for ensuring the proper handling, confidentiality, accuracy, and quality of data.
We have been reviewed by a third party for compliance with the EU’s General Data Protection Regulation (GDPR), one of the more stringent data protection policies in the world. As part of this process Fatigue Science has completed an independent Privacy Impact Assessment reviewing all aspects of our system. We are able to sign a Data Processing Addendum for compliance of those under the jurisdiction of GDPR.
Looking Ahead
Information security and compliance with privacy regulations is an always-developing process. Ensuring that industry best practices continue to be met requires proactive awareness, ongoing engagement with experts, and the continuous review of policies and procedures.
Fatigue Science is committed to the continuous assessment and improvement of practices to ensure a best-in-class solution. It’s important to us that our customers can always trust in the security of their information. That’s why we work to meet not only the expectations of regulators but also of our customers, and more broadly the public.
Fatigue Science seeks to be a leader in not only fatigue-related risk management but also in industry security best practices. We’re dedicated to transparency with our customers, and we’re happy to work with enterprise clients to demonstrate the security and privacy controls that we have in place.
If you’re interested in learning more about Fatigue Science’s industry-leading human fatigue and performance predictive analytics and fatigue management information systems or speaking with a member of our team about our data security policies, you can contact us here.
About the Author
Michael O’Neal is the former Chief Technology Officer at Fatigue Science
Michael has over 20 years of industry experience from startup to large scale enterprise. He has spent the past decade building out SaaS solutions in highly regulated environments, meeting international privacy standards, and ensuring the security and availability of clients data.
or download our free eBook on the Science of Sleep for industrial workforces