Information Security Program
The Files.com Information Security Program (“InfoSec Program”) governs both the Files.com platform and our company operations. It is built on the SSAE-18 SOC 2 Trust Services Criteria and the COBIT 5 Framework, aligning with industry best practices for governance, risk management, and compliance.
The InfoSec Program is designed to support:
- Files.com's business objectives
- Security requirements, including IAM, encryption, and monitoring
- Applicable regulatory and compliance obligations
Roles and responsibilities are clearly defined and communicated across the organization and are available on the internal company intranet. The program is reviewed and audited continuously as part of an internal governance cycle and as part of our annual SOC 2 audit process.
Files.com has completed multiple SOC 2 engagements with KirkpatrickPrice, with each audit successfully concluded. Proprietary documentation related to the InfoSec Program is not shared externally. Customers may refer to our most recent SOC 2 report for further details.
Information Security Team
Files.com maintains a dedicated Security team, led by Chief Information Security Officer (CISO) Sean E. Smith, HCISPP, CISM, CISSP. Sean is a member of ISC2, ISACA, CSA, and InfraGard, and actively participates in ongoing continuing education to stay ahead of the evolving security landscape.
The Security team is involved in all major architectural reviews and project planning efforts, and also collaborates with stakeholders across the company to maintain program integrity.
Asset Management
An active Asset Management program ensures all hardware and software assets are reviewed and updated semi-annually. These asset inventories are a key input into the Files.com Risk Management Program.
Customer Security Responsibilities
Files.com provides world-class tools that enable customers to operate their own security programs according to their internal policies and regulatory requirements. As outlined in our Shared Responsibility Model, customers are responsible for their own implementation and enforcement of information security controls.
Security and Privacy Training
All employees and contractors undergo mandatory onboarding training that includes:
- The Information Security Program
- Acceptable Use Policy
- Work From Home Policy
- Privacy and Data Protection principles
Annual refresher training is required for all staff, and role-specific training is provided where applicable.
Internal Security Policies and Documentation
Files.com's internal security documentation—while not provided to customers—includes detailed policies, procedures, standards, and guidelines covering areas such as:
- Access management
- Asset and inventory control
- Business continuity and disaster recovery
- Change management
- Data classification, retention, and encryption
- Incident response
- Penetration testing and vulnerability management
- Risk management and compliance
- Vendor and third-party oversight
These documents are updated immediately when required and are reviewed annually. All changes are communicated internally and are reviewed during SOC 2 audits. Please refer to the most recent SOC 2 report for further details.
Legal and Regulatory Awareness
Files.com’s General Counsel and CISO regularly attend continuing education programs to stay current on evolving legal, regulatory, and contractual requirements. These learnings drive updates across the InfoSec Program and the broader organization.
Budget and Financial Controls
Files.com’s internal budgetary data, including security spend, is confidential and proprietary and is not provided to customers.