Forcepoint’s Trust Hub

Privacy and Data Security at Forcepoint



Our Continuing Promise

From behavior-centric data security policies to AI-powered data classification, securing information is at the core of what we do. Discover more about our best-in-class privacy and compliance measures, and how we’re always working to improve.


Forcepoint Data Protection & Privacy Program

Many organizations have legitimate questions about the privacy of their data and the ever-evolving data protection landscape. To this end, Forcepoint demonstrates its commitment to privacy and data security by outlining the measures we have taken and the way we conduct business within Forcepoint.

Privacy Policy: The Forcepoint Privacy Policy explains how Forcepoint collects, uses, discloses and transfers the personal information you provide to us or we collect when you use our website, do business with Forcepoint, or use Forcepoint’s security products and services

Cookie Policy: The Forcepoint Cookie Policy explains how Forcepoint uses cookies and similar technologies to recognize you when you visit Forcepoint's website(s).

Data Processing and Protection Measures: The Forcepoint Data Processing and Protection Measures set forth the commitments made to customers regarding the processing, transfer, and protection of the customer’s data when using Forcepoint products and services.

Data Protection Requirements: The Forcepoint Data Protection Requirements set forth the commitments Forcepoint requires from its vendors, suppliers, and partners when processing, transferring, and protecting data provided by Forcepoint.

Forcepoint Sub-Processors List: The Forcepoint Sub-Processor List sets forth the third-party suppliers engaged by Forcepoint that may process, transfer, or store a customer’s personal data on behalf of Forcepoint when helping provide the Forcepoint products and services.

Report a Privacy Issue


How Forcepoint’s Products Protect Your Privacy

Forcepoint adheres to an approach of “privacy by design” in which our products incorporate best practices for managing personal and sensitive data right from the start. To learn more about how each product keeps information safe, click on the Management of Personal Data documents below.


Forcepoint Organizational Security Program and Operations

Forcepoint operates a security compliance program to help customers understand the security controls in place and our approach to security of systems and customer information.

We comply with numerous international and regional compliance programs, laws, and regulations.

ISO Certifications

Forcepoint provides access to our ISO certificates from the following links:

A summarized copy of our Statement of Applicability associated with each ISO certification is available on request from your account manager.

FedRAMP Certifications

Forcepoint provides a FedRAMP certified Security Service Edge (SSE) solution. Details can be found on the FedRAMP marketplace and the Federal Risk and Management Program Dashboard.

How to Receive a Copy of Forcepoint’s SOC2 Report

Forcepoint maintains SOC2 assessments on an annual basis. SOC2 reports are made available to existing customers upon request. For organizations considering purchases of Forcepoint solutions please contact us for more information. Note, confidentiality agreements must be in place prior to access to SOC2 assessments.


Forcepoint Product Security – The Forcepoint Trust Program

At Forcepoint, we consider the development of secure solutions integral to the enablement of organizations to protect their people and intellectual property. The Forcepoint Trust Program performs security testing throughout product lifecycles – from development to deployment.


Forcepoint Product Security and Incident Response Team (PSIRT) Policies

Forcepoint PSIRT – Vulnerability Management

Forcepoint PSIRT’s goal is to minimize customers’ risk associated with security vulnerabilities in Forcepoint products by providing timely information, guidance and remediation of vulnerabilities. Forcepoint PSIRT is a team that manages the receipt, investigation, internal coordination, remediation and disclosure of security vulnerability information related to Forcepoint products.

Forcepoint's PSIRT is a team that coordinates security testing, vulnerability management, and vulnerability communication for products created and services provided by Forcepoint, including those that are now end-of-life (EOL). PSIRT receives reports of vulnerabilities via email to PSIRT@forcepoint.com.

Report an Issue and Disclosure and Embargo Policy Forcepoint


PSIRT Product Security Program Participations

 

Forcepoint is a proud member of FIRST, Forum of Incident Response and Security Teams. FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents.

FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.

 

Forcepoint is a CVE Numbering Authority (CNA). CNAs are software vendors, open source projects, coordination centers, bug bounty service providers, hosted services, and research groups authorized by the CVE Program to assign CVE IDs to vulnerabilities and publish CVE records within their own specific scopes of coverage.


Public documents

  • Data Sovereignty, Residency and Localization in the Cloud - Cut through the various misconceptions around global data protection laws and requirements for the use of cloud services.
  • Secure Testing Methodology whitepaper - The Forcepoint Secure Testing Methodology is a crucial part of an end-to-end process that works in lockstep with Forcepoint’s Secure Software Development Lifecycle (SSDLC) - also known as our Secure Development Process - to ensure security-by-design. Forcepoint’s SSDLC includes elements of secure design, secure release and security education.
  • Forcepoint Product Security Vulnerability Notice and Mitigation Policy - Forcepoint Product Security Vulnerability Notice and Mitigation Policy describes the steps Forcepoint follows when responding to and mitigating newly discovered security vulnerabilities or information of active exploitation of a security flaw or weakness.
  • Product Security Attestation Letter – This attestation letter provides Forcepoint’s CISO’s commitment regarding product security assessments, prioritization of vulnerability resolution, and maintenance of security practices.
  • Customer Care


Cloud Trust/Health Status

  • Status.forcepoint.com - Stay informed with real-time status on Forcepoint's trusted Cloud Security Services.