Secure operations, EU hosting and control over access.
Fogito is built for businesses that handle customers, employees, jobs, hours, documentation and vehicle data in one platform. That is why security, access control and structured data handling are part of the core of Fogito.
Operational data is hosted in the EU.
Fogito uses hosting providers with relevant security certifications and structured operations, so the platform can support businesses with requirements for availability, data processing and control.
Hosted in the EU with Hetzner
Operational data is hosted in the EU with Hetzner, an ISO/IEC 27001:2022-certified hosting provider.
Monitored infrastructure
The servers are monitored and protected around the clock with CrowdStrike Falcon. See the security layers below.
Documentation for procurement
Documentation on hosting, DPA and sub-processors can be provided as part of the procurement process.
The infrastructure is monitored around the clock.
Beyond hosting and access control, Fogito’s servers and infrastructure are protected with CrowdStrike Falcon, one of the most widely used endpoint security platforms. Attacks should be detected and stopped at the machine level before they can reach operational data.
The specific security setup can be reviewed as part of a security or procurement dialogue.
Clarity around data processing.
Fogito processes data on behalf of customers and works within structured frameworks for data processing.
DPA
A DPA can be provided as part of the procurement process.
Sub-processors
An overview of relevant sub-processors can be provided, so customers can review the data processing.
GDPR handling
Fogito is built for responsible GDPR handling with access control, structured data handling and clear company environments.
Procurement process
For larger purchases, relevant security and data processing questions can be handled as part of the dialogue.
The right people should have the right access.
Fogito supports roles, permissions and access control across workflows.
Roles
Use roles to control what employees, managers and administrators can see and do.
Granular permissions
Adjust rights across features, users and workflows.
Separate company environments
Customers, employees, jobs, files and documentation are handled in separate company environments.
Multi-team structure
Departments, teams and roles can be used to create more controlled access, where it fits the organisation.
Track key actions.
Fogito supports activity history, so key actions and changes can be tracked over time.
Internal control
See who changed or updated important items.
Documentation
Follow the history of jobs, projects, customers and documents.
Follow-up
Use the history to understand what happened in a workflow.
Audit dialogue
Activity history can form part of an audit or procurement dialogue, depending on the customer’s requirements and setup.
Secure access and plans for recovery.
Fogito works with user access, session management and role-based rights. Backup and recovery processes are reviewed as part of the technical dialogue with larger customers.
Access to the platform
- UsersEmployees are invited and assigned relevant roles.
- SessionsAccess and sessions are handled as part of the platform’s user administration.
- Password and loginLogin and access are controlled through Fogito’s access system. Specific authentication requirements can be clarified in the security or procurement dialogue.
What we review in the technical dialogue
- Backup frequencyWe review how often your data is backed up.
- Recovery processWe review how data is restored after an incident.
- Point of contact for incidentsYou get a fixed point of contact and an agreed escalation path.
- Division of responsibilityWe describe what Fogito handles and what the customer is responsible for.
- Customer-specific requirementsSpecific requirements from your organisation or industry are built into the agreement.
Integrations should be described precisely.
Fogito can be part of workflows with other systems, but integration requirements should be clarified specifically. An overview of relevant sub-processors can be provided as part of the procurement process.
Data flow
When integrations are relevant, the data flow, responsibility and data processing should be described clearly.
API and access
API access, server-to-server connections and integrations are assessed specifically based on the customer’s needs and security requirements.
Third-party systems
If third-party systems are involved, we clarify which data is processed, where it is processed and who is responsible.
Do you have security questions?
Security and procurement questions can be sent to Fogito through the contact form or brought into the sales process.
- Hosting and data processing
- Endpoint security and monitoring
- DPA and sub-processors
- Roles and permissions
- Activity history
- Integrations and data flow
- GPS and hardware-dependent data
- Purchasing or procurement questions
Questions from procurement and IT.
Where is Fogito hosted?
Operational data is hosted in the EU with reliable hosting providers, including Hetzner as an ISO/IEC 27001:2022-certified hosting provider.
Is the hosting provider ISO/IEC 27001:2022-certified?
Yes. Hetzner can be referenced as an ISO/IEC 27001:2022-certified hosting provider.
How is the platform itself protected against attacks?
Fogito’s servers and infrastructure are protected with CrowdStrike Falcon: real-time blocking of malware and ransomware, continuous vulnerability monitoring, identity protection and central correlation of security events across the environment.
Can we get a DPA?
Yes. A DPA can be provided as part of the procurement process.
Which sub-processors does Fogito use?
An overview of relevant sub-processors can be provided as part of the procurement process.
How do roles and permissions work?
Fogito supports role-based access control and granular permissions, so access can be tailored to users and workflows.
Can activity history be used for audits?
Activity history can be used for internal control and follow-up. The specific audit use depends on the setup and the customer’s requirements.
How are security questions handled?
Security questions can be sent via contact or handled as part of the sales and procurement process.
How is GDPR described?
Fogito is built for responsible GDPR handling with EU hosting, access control, structured data handling, a DPA and a sub-processor overview. Final legal assessments are handled in the procurement process.
Need technical or security clarification?
Contact Fogito so we can review hosting, access control, DPA, sub-processors and relevant security questions.