SECURITY & TRUST
Enterprise-Grade Security, Built in From Day One.
Field1st is SOC 2 Type II certified and built to meet the security requirements of the largest utilities and industrial operators in North America. Your safety data is encrypted end to end, access is tightly controlled, and it always stays yours.
SOC 2 Type II · AES-256 · TLS 1.3 · SAML 2.0 SSO · Annual penetration testing.
SECURITY CONTROLS
How We Protect Your Data.
Every layer of Field1st — from the device in a worker's hand to the data at rest — is built to meet the requirements of enterprise security teams.
01
SOC 2 Type II Certified
Certification covering the Security, Availability, and Confidentiality trust service criteria. The full audit report is available under NDA to qualified enterprise customers.
02
Data Encryption
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Zero plaintext storage. Keys are managed with AWS KMS and rotated automatically.
03
SSO / SAML 2.0
Integrates with any SAML 2.0 identity provider, including Okta, Azure Active Directory, Ping Identity, and OneLogin. SCIM provisioning automates user setup and deactivation.
04
Role-Based Access Control
Configurable RBAC with granular permission sets and separate roles for field workers, supervisors, safety managers, admins, and read-only executives.
05
Data Residency
Data residency options for the US, EU, and Canada. Enterprise customers can specify storage regions to meet regulatory and contractual requirements.
06
Audit Logging
Comprehensive audit logs for all user actions, data access, and administrative changes. Logs are immutable, timestamped, and exportable for compliance.
07
Penetration Testing
Annual third-party penetration testing by a qualified security firm. Findings are reviewed and remediated within SLA, and summary reports are available under NDA.
08
Incident Response
A documented incident response plan with defined RTO and RPO targets. Security incidents affecting customer data are communicated to affected customers within 72 hours.
09
Offline by Design
Field capture works offline and syncs securely when a device reconnects, with the same encryption and access controls applied to on-device data.
COMPLIANCE & DATA OWNERSHIP
Your Data Stays Yours.
We help you collect safety data — we don't monetize it. Field1st never sells or shares your data, and you can export it at any time. Our controls are built so that the people who own the data stay in control of it.
Handling is aligned to GDPR, including breach-notification obligations, and every access path is governed by the same encryption, access control, and audit logging applied across the platform.
At a Glance
FOR SECURITY & PROCUREMENT TEAMS
Everything Your Security Review Needs.
The SOC 2 Type II report, penetration test summary, and completed security questionnaire responses are available to qualified enterprise customers under NDA. Tell us what your review requires and we'll get it to your team.
SOC 2 report, pen test summary, and questionnaire — provided under NDA.
SECURITY QUESTIONS
Frequently Asked Questions.
Is Field1st SOC 2 Certified?
Yes. Field1st has completed SOC 2 Type II certification covering the Security, Availability, and Confidentiality trust service criteria. The full audit report is available under NDA to qualified enterprise customers.
How Is My Data Encrypted?
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. There is no plaintext storage, and encryption keys are managed with AWS KMS and rotated automatically.
Does Field1st Support SSO?
Yes. Field1st integrates with any SAML 2.0 identity provider, including Okta, Azure Active Directory, Ping Identity, and OneLogin, with SCIM provisioning for automated user setup and deactivation.
Does Field1st Support Role-Based Access Control?
Yes. Field1st provides configurable RBAC with granular permission sets and separate roles for field workers, supervisors, safety managers, admins, and read-only executives.
Where Is My Data Stored?
Data residency options are available for the US, EU, and Canada. Enterprise customers can specify storage regions to meet regulatory and contractual requirements.
How Does Field1st Handle Security Incidents?
Field1st maintains a documented incident response plan with defined RTO and RPO targets. Security incidents affecting customer data are communicated to affected customers within 72 hours.
Is Data Secure When Captured Offline?
Yes. Field capture works offline and syncs securely when a device reconnects, with the same AES-256 encryption and access controls applied to on-device data.
How Can I Get Field1st's Security Documentation?
The SOC 2 Type II report, penetration test summary, and security questionnaire responses are available to qualified enterprise customers under NDA. Contact us and we'll get them to your security team.
Enterprise Security,
Field1st Simplicity.
A Tool Your Crews Will Actually Use —
and Everything Your Security Team Needs to Say Yes.
See how Field1st gives field crews a safety tool they'll actually use, while giving your security and procurement teams the certifications, controls, and documentation they need. Book a 20-minute walkthrough built around your requirements.
