Security

Customer trust and data security are critical to everything we do at Forest.

Product Security

SSO

Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.

Permissions

We enable permission levels within the app to be set for your employees. Permissions can be set to include app settings, billing, user data or the ability to send or edit messages.

Password and Credential Storage

Forest enforces a password complexity standard, and credentials are stored using a password-based key derivation function (bcrypt).

Uptime

We strive to have uptime of 99.8% or higher.

Network and Application Security

Data Hosting and Storage

Forest services and data are hosted in Amazon Web Services (AWS) facilities (us-east-2) in the USA.

Failover and DR

Forest was built with disaster recovery in mind.

Backups and Monitoring

At the application level, we produce audit logs for all activity, ship logs to Papertrail for analysis, and use S3 for archival purposes. All actions taken on production consoles or in the Forest application are logged.

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job. Forest is served 100% over HTTPS. Forest runs a zero-trust corporate network: being on Forest's network provides no corporate resources or additional privileges. We use 2-factor authentication (2FA) and strong password policies on all our accounts to ensure access to cloud services is protected.

Encryption

All data sent to or from Forest is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only.

Pentests, Vulnerability Scanning and Bug Bounty Program

Forest uses third-party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised. Twice yearly we engage third-party security experts to perform detailed penetration tests on the Forest application and infrastructure.

Incident Response

Forest implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post-mortem. All employees are informed of our policies.

Additional Security Features

Training

All employees complete Security and Awareness training annually.

Policies

Forest has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Employee Vetting

Forest performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.

Confidentiality

All employee contracts include a confidentiality agreement.

PCI Obligations

All payments made to Forest go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.

Security questions?

If you have additional questions or think you may have found a security vulnerability, please get in touch with our security team.
