Technology and security

Secure operations, EU hosting and control over access.

Fogito is built for businesses that handle customers, employees, jobs, hours, documentation and vehicle data in one platform. That is why security, access control and structured data handling are part of the core of Fogito.

Role-based access
Control who sees what, across office and field.
Granular permissions
Assign rights per module, customer or team.
Activity history
Track changes to jobs, quotes, invoices and documentation.
Separate environments
Each company’s data is handled in its own environment.
Hosting and infrastructure

Operational data is hosted in the EU.

Fogito uses hosting providers with relevant security certifications and structured operations, so the platform can support businesses with requirements for availability, data processing and control.

Hosted in the EU with Hetzner

Operational data is hosted in the EU with Hetzner, an ISO/IEC 27001:2022-certified hosting provider.

Monitored infrastructure

The servers are monitored and protected around the clock with CrowdStrike Falcon. See the security layers below.

Documentation for procurement

Documentation on hosting, DPA and sub-processors can be provided as part of the procurement process.

Endpoint and infrastructure security

The infrastructure is monitored around the clock.

Beyond hosting and access control, Fogito’s servers and infrastructure are protected with CrowdStrike Falcon, one of the most widely used endpoint security platforms. Attacks should be detected and stopped at the machine level before they can reach operational data.

Real-time protection
Malware and ransomware are blocked automatically, and suspicious behaviour on the servers is logged and analysed continuously.
Fast response and containment
An affected server can be investigated live and isolated from the network immediately, so an incident does not spread.
Vulnerabilities and attack surface
Continuous overview of vulnerabilities, unmanaged devices and risk prioritisation across the environment, including IoT equipment.
Identity protection
Attacks on accounts and privileges, such as stolen credentials and lateral movement in the environment, are detected and stopped.
Central logging and correlation
Logs from systems and firewalls are collected and correlated across endpoint, network and identity into a single incident picture.
Tailored detection rules
Behaviour-based rules and central block lists for files, IP addresses and domains are enforced across the entire infrastructure.
Falcon Insight · EDRFalcon Prevent · NGAVReal Time ResponseNetwork ContainmentExposure ManagementSpotlightNetwork Vulnerability AssessmentFalcon for XIoTIdentity ProtectionNext-Gen SIEMXDRCustom IOA & IOC

The specific security setup can be reviewed as part of a security or procurement dialogue.

Data processing and DPA

Clarity around data processing.

Fogito processes data on behalf of customers and works within structured frameworks for data processing.

DPA

A DPA can be provided as part of the procurement process.

Sub-processors

An overview of relevant sub-processors can be provided, so customers can review the data processing.

GDPR handling

Fogito is built for responsible GDPR handling with access control, structured data handling and clear company environments.

Procurement process

For larger purchases, relevant security and data processing questions can be handled as part of the dialogue.

Access control and permissions

The right people should have the right access.

Fogito supports roles, permissions and access control across workflows.

Roles

Use roles to control what employees, managers and administrators can see and do.

Granular permissions

Adjust rights across features, users and workflows.

Separate company environments

Customers, employees, jobs, files and documentation are handled in separate company environments.

Multi-team structure

Departments, teams and roles can be used to create more controlled access, where it fits the organisation.

Activity history and audit

Track key actions.

Fogito supports activity history, so key actions and changes can be tracked over time.

Internal control

See who changed or updated important items.

Documentation

Follow the history of jobs, projects, customers and documents.

Follow-up

Use the history to understand what happened in a workflow.

Audit dialogue

Activity history can form part of an audit or procurement dialogue, depending on the customer’s requirements and setup.

Authentication, backup and recovery

Secure access and plans for recovery.

Fogito works with user access, session management and role-based rights. Backup and recovery processes are reviewed as part of the technical dialogue with larger customers.

Access to the platform

  • Users
    Employees are invited and assigned relevant roles.
  • Sessions
    Access and sessions are handled as part of the platform’s user administration.
  • Password and login
    Login and access are controlled through Fogito’s access system. Specific authentication requirements can be clarified in the security or procurement dialogue.

What we review in the technical dialogue

  • Backup frequency
    We review how often your data is backed up.
  • Recovery process
    We review how data is restored after an incident.
  • Point of contact for incidents
    You get a fixed point of contact and an agreed escalation path.
  • Division of responsibility
    We describe what Fogito handles and what the customer is responsible for.
  • Customer-specific requirements
    Specific requirements from your organisation or industry are built into the agreement.
Integrations and API security

Integrations should be described precisely.

Fogito can be part of workflows with other systems, but integration requirements should be clarified specifically. An overview of relevant sub-processors can be provided as part of the procurement process.

Data flow

When integrations are relevant, the data flow, responsibility and data processing should be described clearly.

API and access

API access, server-to-server connections and integrations are assessed specifically based on the customer’s needs and security requirements.

Third-party systems

If third-party systems are involved, we clarify which data is processed, where it is processed and who is responsible.

Security contact

Do you have security questions?

Security and procurement questions can be sent to Fogito through the contact form or brought into the sales process.

We can help clarify
  • Hosting and data processing
  • Endpoint security and monitoring
  • DPA and sub-processors
  • Roles and permissions
  • Activity history
  • Integrations and data flow
  • GPS and hardware-dependent data
  • Purchasing or procurement questions
Contact us about security
FAQ

Questions from procurement and IT.

Where is Fogito hosted?

Operational data is hosted in the EU with reliable hosting providers, including Hetzner as an ISO/IEC 27001:2022-certified hosting provider.

Is the hosting provider ISO/IEC 27001:2022-certified?

Yes. Hetzner can be referenced as an ISO/IEC 27001:2022-certified hosting provider.

How is the platform itself protected against attacks?

Fogito’s servers and infrastructure are protected with CrowdStrike Falcon: real-time blocking of malware and ransomware, continuous vulnerability monitoring, identity protection and central correlation of security events across the environment.

Can we get a DPA?

Yes. A DPA can be provided as part of the procurement process.

Which sub-processors does Fogito use?

An overview of relevant sub-processors can be provided as part of the procurement process.

How do roles and permissions work?

Fogito supports role-based access control and granular permissions, so access can be tailored to users and workflows.

Can activity history be used for audits?

Activity history can be used for internal control and follow-up. The specific audit use depends on the setup and the customer’s requirements.

How are security questions handled?

Security questions can be sent via contact or handled as part of the sales and procurement process.

How is GDPR described?

Fogito is built for responsible GDPR handling with EU hosting, access control, structured data handling, a DPA and a sub-processor overview. Final legal assessments are handled in the procurement process.

Klar?

Need technical or security clarification?

Contact Fogito so we can review hosting, access control, DPA, sub-processors and relevant security questions.