FreightWaves SONAR logo
Schedule Demo
Login

Security Commitments

As an organization, FreightWaves is dedicated to protecting and securing our SaaS offerings, as well as our customers’ data security and privacy. This statement is meant to provide FreightWaves customers and prospects with the latest information about our systems, compliance certifications, processes, and other security-related activities.

Information Security Policy

FreightWaves has defined and published a set of information security policies which are:

  • Based on ISO 27001, CIS, NIST SP 800-53, and NIST CSF
  • Approved and reviewed on an at-least annual basis
  • Communicated to all employees and relevant external parties
information-security

Product Security Assessments

FreightWaves regularly performs a variety of security assessments on both the application level as well as the environments that host our applications. These include:

  • In-depth internal security assessments—for major new features, we include a combination of vulnerability scans, code reviews, and architectural risk assessments.
Product Security

Security for Software as a Service

  • Our SaaS offerings are hosted on premiere cloud services providers including Amazon Web Services (AWS) and Google Cloud Platform (GCP), both of which remain on the leading edge of security and protection.
  • In addition to the security provided by our cloud service providers, FreightWaves uses real-time monitoring tools for cloud configuration and container integrity, AI-assisted threat detection, and industry-standard endpoint protection solutions.
software-security

Privacy

Please see our Privacy Policy here, containing our Data Privacy and Protection Statement and our Website Privacy Policy.

privacy

Incident Management

  • FreightWaves has established policies, processes, and procedures to ensure a quick, effective, and orderly response to information security incidents.
  • The Cybersecurity Incident Response Plan is reviewed, tested, and updated (as appropriate) annually, at minimum.
  • In the event of a breach or incident, FreightWaves will notify customers consistent with the Data Privacy and Protection Statement referenced by our Privacy Policy.
incident-management

Network Security

  • FreightWaves utilizes IDS/IPS, WAFs, firewalls, and related technologies to protect against external threats.
  • Network environments are physically and logically segregated.
  • Security alerts are monitored 24×7 by a dedicated security team with a 5-min SLA for initial triage of critical alerts.
  • Vulnerability scans are performed daily.
Network Security

Encryption

  • All Company data, both internal and customer-related, is encrypted in transit and at rest. Beyond mass storage encryption sensitive data is also secured using application layer encryption.
  • All traffic is encrypted in transit by default via HTTPS/TLS (Transport Layer Security) 1.2 or better.
  • All persistent data are encrypted at rest in the CSPs using AES 256-bit encryption or better.
Encryption

Availability, Backup, and Disaster Recovery

  • High availability is achieved using the native cloud orchestration capabilities of AWS and GCP.
  • If individual VM containers fail within a CSP availability zone, they will recover automatically due to the cloud-native architecture. If there is an outage for a complete CSP availability zone or region, there is a process that will create a new instance in a different availability zone or region. This process is manual and takes 15-30 minutes, excluding the time to load the new customer database with a copy of the backup.
  • In general, across all types of disaster situations, including failures beyond core infrastructure, FreightWaves’s recovery time objective (RTO) is one (1) business day and the recovery point objective (RPO) is 24 hours.
Backup-Recovery

Access Management

  • Multi-factor authentication (MFA) capability is provided to customers for accessing FreightWaves’ applications.
Access Management

Change Management

  • Changes to the organization, business processes, cloud infrastructure, and systems affecting information security are performed per a defined change management policy, process, and procedure.
  • All changes are logged via a ticketing system, and approvals are required and tracked.
  • The technical review includes a risk assessment and all other technical aspects of the change.
Change Management

Compliance

SOC 2 Type 2

Covering security, availability, and confidentiality

FreightWaves SONAR logo
Linkedin Twitter

Subscribe to FW Daily and get the latest news delivered directly to your inbox.

© Copyright 2023. FreightWaves, Inc. All Rights Reserved.

Why Sonar
SONAR App
Who We Help
Resources
About Us
Account
SONAR App

SONAR SCI

Actionable insights to help shippers, carriers and 3PLs reduce costs, improve route guide compliance and make proactive decisions.

Market Dashboard+

A multi-lane analysis tool designed to empower bid management, frequent lane monitoring and corridor trend visualization.

TRAC

High-frequency and accurate pricing data on volatility, rates and capacity to improve margins and contract negotiations.

API

A customizable data analytics plugin that delivers the power and flexibility that modern supply chain businesses need — with more control and less risk.

Container Atlas

Data insights and trends around vessel delays and price fluctuations to help users mitigate risk and make more informed and profitable decisions.

NTI

A real-time proxy for the health of the national supply chain used by freight and non-freight businesses to make more accurate decisions.

SONAR StakUp

The premier benchmarking platform for truckload carriers to compare their most important KPIs.

Index-Linked Contracts

Optimize pricing and relationships by creating dynamic contracts based on the source of truth for the supply chain industry.
Why Sonar?

Features

Make more strategic business decisions and outperform the competition with SONAR’s full suite of products.

Data

Stay on top of supply and demand dynamics across all modes of transportation with SONAR’s best-in-class data and analytics.
Learn More
White Papers
April 23, 2024

The State of Freight – April 2024

Read More
March 27, 2024

The State of Freight – March 2024

Read More
March 21, 2024

Take Demand Planning and Forecasting to the Next Level: An Introduction to Tender Data

Read More
View White Papers