Our Continuing Promise
From behavior-centric data security policies to AI-powered data classification, securing information is at the core of what we do. Discover more about our best-in-class privacy and compliance measures, and how we’re always working to improve.
Forcepoint Privacy Program
Many organizations have legitimate questions about the privacy of their data and the ever-evolving data protection landscape. To this end, Forcepoint demonstrates its commitment to privacy and data security by outlining the measures we have taken and the way we conduct business within Forcepoint.
Data Processing and Protection Measures: The Forcepoint Data Processing and Protection Measures set forth the commitments made to customers regarding the processing, transfer, and protection of the customer’s data when using Forcepoint products and services.
Data Protection Requirements: The Forcepoint Data Protection Requirements set forth the commitments Forcepoint requires from its vendors, suppliers, and partners when processing, transferring, and protecting data provided by Forcepoint.
Forcepoint Sub-Processors List: The Forcepoint Sub-Processor List sets forth the third-party suppliers engaged by Forcepoint that may process, transfer, or store a customer’s personal data on behalf of Forcepoint when helping provide the Forcepoint products and services.
How Forcepoint’s Products Protect Your Privacy
Forcepoint adheres to an approach of “privacy by design” in which our products incorporate best practices for managing personal and sensitive data right from the start. To learn more about how each product keeps information safe, click on the Management of Personal Data documents below.
- Forcepoint ONE
- Data Loss Prevention (DLP)
- Data Protection Services (DPS)
- Email Security - Cloud
- Next Generation Firewall (NGFW)
- Risk-Adaptive Protection for DLP
- Remote Browser Isolation (RBI)
- Web Security - Cloud
Forcepoint Organizational Security Program and Operations
Forcepoint operates a security compliance program to help customers understand the security controls in place and our approach to security of systems and customer information.
We comply with numerous international and regional compliance programs, laws, and regulations.
Forcepoint provides access to our ISO certificates from the following links:
- Forcepoint ISO27001 & ISO27018 certifications
- Forcepoint ISO27001, ISO27017, and ISO27018 certification (Forcepoint ONE)
A summarized copy of our Statement of Applicability associated with each ISO certification is available on request from your account manager.
Forcepoint provides a FedRAMP certified Security Service Edge (SSE) solution. Details can be found on the FedRAMP marketplace and the Federal Risk and Management Program Dashboard.
How to Receive a Copy of Forcepoint’s SOC2 Report
Forcepoint maintains SOC2 assessments on an annual basis. SOC2 reports are made available to existing customers upon request. For organizations considering purchases of Forcepoint solutions please contact us for more information. Note, confidentiality agreements must be in place prior to access to SOC2 assessments.
Forcepoint Product Security – The Forcepoint Trust Program
At Forcepoint, we consider the development of secure solutions integral to the enablement of organizations to protect their people and intellectual property. The Forcepoint Trust Program performs security testing throughout product lifecycles – from development to deployment.
Forcepoint Product Security and Incident Response Team (PSIRT) Policies
Forcepoint PSIRT – Vulnerability Management
Forcepoint PSIRT’s goal is to minimize customers’ risk associated with security vulnerabilities in Forcepoint products by providing timely information, guidance and remediation of vulnerabilities. Forcepoint PSIRT is a team that manages the receipt, investigation, internal coordination, remediation and disclosure of security vulnerability information related to Forcepoint products.
Forcepoint's PSIRT is a team that coordinates security testing, vulnerability management, and vulnerability communication for products created and services provided by Forcepoint, including those that are now end-of-life (EOL). PSIRT receives reports of vulnerabilities via email to PSIRT@forcepoint.com.
Report an Issue and Disclosure and Embargo Policy Forcepoint
PSIRT Product Security Program Participations
Forcepoint is a proud member of FIRST, Forum of Incident Response and Security Teams. FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents.
FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.
Forcepoint is a CVE Numbering Authority (CNA). CNAs are software vendors, open source projects, coordination centers, bug bounty service providers, hosted services, and research groups authorized by the CVE Program to assign CVE IDs to vulnerabilities and publish CVE records within their own specific scopes of coverage.
- The Trust Program whitepaper - The Forcepoint Trust Program was created to establish the highest level of trust and confidence with our customers and the security community. Led by our Product Security Team, the Forcepoint Trust Program ensures that security is part of every phase of our software development lifecycle and that transparency is maintained in how we handle security.
- Secure Testing Methodology whitepaper - The Forcepoint Secure Testing Methodology is a crucial part of an end-to-end process that works in lockstep with Forcepoint’s Secure Software Development Lifecycle (SSDLC) - also known as our Secure Development Process - to ensure security-by-design. Forcepoint’s SSDLC includes elements of secure design, secure release and security education.
- Forcepoint Product Security Vulnerability Notice and Mitigation Policy - Forcepoint Product Security Vulnerability Notice and Mitigation Policy describes the steps Forcepoint follows when responding to and mitigating newly discovered security vulnerabilities or information of active exploitation of a security flaw or weakness.
- Product Security Attestation Letter – This attestation letter provides Forcepoint’s CISO’s commitment regarding product security assessments, prioritization of vulnerability resolution, and maintenance of security practices.
- Customer Care
Cloud Trust/Health Status
- Status.forcepoint.com - Stay informed with real-time status on Forcepoint's trusted Cloud Security Services.