Next-Gen Emergency Management

Security That Meets The Highest Standards

Safeguarded with enterprise-grade security and industry-standard compliance

Security
ISO 27001 Compliance

findeREC aligns with ISO 27001 standards by implementing robust encryption, role-based access controls, and structured incident response protocols. These measures support the confidentiality, integrity, and availability of Member data across our platform.

SOC 2 Compliance

findeREC aligns with SOC 2 principles by implementing comprehensive audit logging, secure development practices, and rigorous access management controls. These safeguards help ensure the confidentiality, integrity, and availability of Member data across our platform.

PCI-DSS Compliance

findeREC does not store or process payment data and therefore this requirement is not applicable. However, all payments are securely handled by a third-party provider that is fully PCI-DSS compliant.

At findeREC Inc. ("we," "our," "us"), protecting your information is at the core of our mission. The eREC Service is designed to securely manage emergency contact information while giving Members control over when, where, and how their data is accessed. findeREC is built with privacy-by-design and implements governance and security controls suitable for emergency-readiness data. This statement summarizes findeREC's U.S. security compliance position under ISO 27001, SOC 2, and PCI-DSS and the controls implemented to support privacy and security for families, schools, organizations/businesses, and emergency responders.

Security Compliance Position at a Glance

  • ISO 27001 Compliant. findeREC is compliant and aligns with ISO 27001 principles through encryption, access controls, and incident response protocols.
  • SOC 2 Compliant. findeREC is compliant and aligns with SOC 2 principles through audit logging, secure development, and access management.
  • PCI-DSS: Compliance Not Applicable. findeREC does not store or process payment data directly and therefore this requirement is not applicable. However, all payments are securely handled by a third-party provider that is fully PCI-DSS compliant.

International Standard for Information Security Management - ISO 27001

ISO 27001 is a globally recognized framework for managing and protecting sensitive information. It helps organizations identify risks, implement controls, and continuously improve their security posture. It enforces risk management, data protection, and security governance to build trust with users and partners and to support regulatory compliance.

  • findeREC is compliant and aligns with ISO 27001 principles through encryption, access controls, and incident response protocols

System and Organization Controls - SOC 2

SOC 2 is a U.S.-based auditing standard that evaluates how well a company protects customer data across five key areas: security, availability, processing integrity, confidentiality, and privacy. Internal controls for data security and reliability are to be implemented to demonstrate accountability and safeguards for cloud-based services.

  • findeREC is compliant and aligns with SOC 2 principles through audit logging, secure development, and access management

Payment Card Industry Data Security Standard - PCI-DSS

PCI-DSS sets strict rules for handling credit card data to prevent fraud and breaches. It is required for any service that stores, processes, or transmits payment information. Its purpose is to secure payment data and prevent unauthorized access, and thereby reduce the risk of financial data breaches.

  • findeREC does not store or process payment data directly. All payments are securely handled by a third-party provider that is fully PCI-DSS compliant.
  • findeREC's platform architecture reflects PCI principles—such as encryption, secure authentication, and limited data access—even beyond payment flows.

Data Encryption

When Members sign in to findeREC, the connection is protected by HTTPS using TLS encryption, just like online banking. This means everything entered is securely transmitted and shielded from unauthorized access. TLS provides us with 256-bit encryption, keeping personal information private and confidential every step of the way.

Account Authentication

To protect our Members, all findeREC accounts are private and can only be accessed using a valid Username and password. Members are required to create their own password, which should be kept strictly confidential. Once signed on, Members can manage their information.

As an added layer of protection:

  • Passwords must be at least 10 characters long and include at least one number (0-9) or special character (e.g., @, #, $, !).
  • Multi-Factor Authentication (MFA) is also used to verify identity during login. This means that even if someone obtains a password, they cannot access the account without a second form of verification—such as a code sent to a phone or email.

These safeguards help ensure that emergency contact information remains secure and accessible only to Members and the individuals they trust.

How Emergency Contact Information Is Accessed

findeREC is designed to make emergency contact information available—only to the right people, only when it's needed, and only with your permission. That is the core service offering.

eREC Member ID

Every account is issued a unique, system-generated eREC Member ID, which acts as a secure key to retrieve emergency contact details. Members control how and when their information is shared, with multiple layers of protection in place.

Smart Security Features

Google reCAPTCHA

findeREC uses reCAPTCHA to quietly detect and block bots or automated scraping attempts. This ensures that only real people—not machines—can access emergency records.

Security Access Code (SAC)

Members can change their Member ID anytime by setting a custom Security Access Code. This gives full control to revoke or update access—even if the ID was previously shared.

Ways Emergency Contact Information Is Accessed

1. Manual Entry via findeREC.com

Authorized individuals and first responders can enter a Member ID directly on the findeREC website to view emergency contact details, only if permitted by the Member.

2. QR Code Scan via eREC Member Card

Each Member has a digital or printed eREC card with a QR code. Scanning it directs the user to findeREC.com and reveals emergency contact information the Member has chosen to share.

3. Organizational Lists (RBAC)

Verified group administrators (e.g., schools or businesses) can use interactive lists to retrieve emergency contact information. Access is strictly controlled through role-based authentication.

4. Member-Initiated Sharing

Members can copy and share their eREC link via text, email, or other platforms. The link opens directly to their emergency contact profile on findeREC.com. Access can be revoked or updated anytime using the Security Access Code.

Network Protection

findeREC uses a layered "defense-in-depth" approach to protect our platform from unauthorized access and cyber threats. This strategy is powered by a suite of advanced Azure security tools and best practices.

  • Threat Detection & Prevention: Azure's intelligent threat detection services continuously monitor for suspicious behavior, intrusion attempts, and known attack patterns. Automated alerts and real-time analytics help us respond quickly to potential risks.
  • Segmentation & Isolation: Our network is segmented to limit exposure and contain threats. Sensitive systems are isolated behind secure zones, with tightly controlled access pathways.
  • Zero Trust Principles: Access to internal systems is governed by identity verification, least-privilege access, and continuous monitoring—ensuring that no one is trusted by default, even inside the network.

This multi-layered security model ensures that findeREC's infrastructure remains resilient, responsive, and secure—so families and partners can trust that their data is protected at every level.

Firewall Protection

We deploy multiple layers of firewall security—including Azure Network Security Groups (NSGs), Web Application Firewalls (WAF), and perimeter firewalls—to monitor, filter, and control incoming and outgoing traffic. These firewalls help block malicious activity, prevent unauthorized access, and enforce strict traffic rules across our infrastructure.

Microsoft Azure offers powerful tools to help secure cloud-based applications and protect sensitive data. Two key components in findeREC's security architecture are Web Application Firewall (WAF) and Azure Key Vault.

Web Application Firewall (WAF)

Azure WAF protects web applications from common threats and vulnerabilities—like SQL injection, cross-site scripting (XSS), and bot attacks.

  • Real-time threat detection: Monitors and filters HTTP/HTTPS traffic to block malicious requests.
  • Custom rules: Allows fine-tuned control over what traffic is allowed or denied.
  • DDoS protection: Helps mitigate distributed denial-of-service attacks.
  • Global coverage: Integrated with Azure Front Door and Application Gateway for scalable, edge-based protection.

Azure Key Vault

Azure Key Vault securely stores and manages sensitive information—such as API keys, passwords, certificates, and cryptographic secrets.

  • Centralized secret management: Keeps credentials out of code and config files.
  • Access control: Uses Azure Active Directory to enforce role-based access.
  • Audit logging: Tracks who accessed what and when, supporting compliance and incident response.
  • Automatic rotation: Supports secret versioning and renewal for enhanced security hygiene.

Together, Azure WAF and Key Vault help findeREC maintain a strong security posture—protecting both the platform and the sensitive data entrusted by families, schools, and emergency responders.

API Security with JWT (JSON Web Token)

JSON Web Tokens (JWT) are a widely adopted standard for securing APIs and authenticating users in modern web applications. JWT is a cornerstone of findeREC's API security strategy, helping ensure that data access is authenticated, authorized, and protected across all endpoints.

A JWT is a compact, digitally signed token that securely transmits identity and authorization information between a client and server. It allows APIs to verify who is making a request—without storing session data on the server.

  • Authentication: After a user logs in, the system issues a JWT. This token is included in future API requests to verify the user's identity.
  • Authorization: JWTs can carry role-based permissions, helping APIs determine what data or actions the user is allowed to access.
  • Tamper-Proof: Each token is cryptographically signed, ensuring its integrity and preventing unauthorized modifications.
  • Stateless & Scalable: Because JWTs are self-contained, they reduce server load and support scalable, distributed systems.
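The checks a server performs on each token, shown as an added illustration that is not findeREC's code: the signing key, the HS256 algorithm choice, the `role` claim name and the helper names are assumptions made for this example. It covers the authentication, authorization and tamper-detection points listed above, plus expiry.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: a real key comes from a secret store

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub, role, ttl=300, now=None):
    """Issue an HS256 token carrying an identity (sub) and a role claim."""
    now = time.time() if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "role": role, "exp": int(now) + ttl}
    payload = b64e(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64e(sign(header + '.' + payload))}"

def verify(token, required_role, now=None):
    """Return the claims, or raise ValueError naming the check that failed."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64d(header_b64))
        sig = b64d(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison against a signature recomputed server-side.
    if not hmac.compare_digest(sig, sign(header_b64 + "." + payload_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(payload_b64))  # trusted only after the signature check
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("role") != required_role:
        raise ValueError("insufficient role")
    return claims

def forge_role(token, role):
    """Constructed tampering case: rewrite the role claim, reuse the old signature."""
    header, payload, sig = token.split(".")
    claims = json.loads(b64d(payload))
    claims["role"] = role
    return f"{header}.{b64e(json.dumps(claims).encode())}.{sig}"
```

In a deployed service these checks would normally come from a maintained JWT library rather than hand-written code.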

Input Validation in Laravel: Request Validation & Blade Escaping

Input validation is a critical part of web application security—it ensures that data coming into your system is clean, expected, and safe to process.

Laravel Request Validation

Laravel provides powerful tools to validate incoming data from forms, APIs, or user input before it's used or stored. This prevents malformed or malicious data from entering your system, reducing the risk of SQL injection, logic errors, or broken workflows.

Blade Escaping

Blade is Laravel's templating engine. It automatically escapes output to prevent Cross-Site Scripting (XSS) attacks.

Together, Laravel's request validation and Blade escaping form a strong defense against common web vulnerabilities—keeping findeREC secure and users protected.

Continuous Anti-Virus Protection and Monitoring

At findeREC, we take proactive steps to safeguard our systems against malware, viruses, and other cyber threats. Our infrastructure is protected by enterprise-grade anti-virus software that is continuously updated to detect and block the latest known threats.

  • Real-Time Monitoring: Our anti-virus tools scan files, processes, and network activity in real time to identify suspicious behavior before it can cause harm.
  • Automatic Updates: We maintain the latest virus definitions and threat intelligence feeds, ensuring our systems are equipped to defend against emerging risks.
  • Multi-Layered Defense: Anti-virus protection is part of a broader security strategy that includes firewalls, encryption, access controls, and secure development practices.
  • Endpoint Security: All endpoints—including servers and workstations—are monitored and protected to prevent unauthorized access or infection.

This ongoing vigilance helps ensure that findeREC remains a safe and trusted platform for families, schools, and emergency responders.

If findeREC detects unusual activity or suspects a potential security issue with an account, we'll temporarily suspend access as a precaution—and notify you immediately by email.

  • If it's a false alarm (like multiple failed login attempts due to a forgotten password), our team will quickly help restore access.
  • If there's a real concern (such as someone else gaining access to your credentials), we'll guide the Member through creating a stronger, more secure password—or, if needed, help close the account entirely.

Safety and privacy are our top priority. We're here to support every step of the way.

Automatic Session Timeout for Added Security

To help keep information safe, findeREC will automatically log out after a period of inactivity. This protects accounts when users step away from their device without logging off.

  • If a session times out, simply log back in to continue.
  • For added security, always log out manually when you're done using findeREC—especially on shared or public devices.

Privacy is our priority, and these safeguards help ensure your emergency contact data stays protected.

Backup & Disaster Recovery

At findeREC, we prioritize business continuity and data protection through a robust Backup & Disaster Recovery (BDR) strategy. Our approach is designed to minimize downtime, safeguard sensitive information, and ensure rapid recovery in the event of a disruption.

Risk Assessment: Identifying Potential Threats

We continuously assess and monitor risks that could impact system availability or data integrity, including:

  • Cybersecurity threats such as data breaches, ransomware, or unauthorized access
  • System failures due to hardware malfunctions, software bugs, or misconfigurations
  • Natural disasters like fires, floods, or power outages affecting data centers
  • Human error, including accidental deletion or mismanagement of critical data
  • Third-party service disruptions that could impact cloud or network infrastructure

Recovery Strategies: Built for Resilience

To ensure rapid recovery and uninterrupted service, findeREC implements multiple layers of protection:

  • Automated Backups: Regular, encrypted backups of all critical data are stored in secure, geographically distributed locations.
  • Cloud Redundancy: Core systems are hosted in the cloud with built-in redundancy, ensuring high availability and fault tolerance.
  • Failover Infrastructure: In the event of a primary system failure, traffic is automatically rerouted to standby environments to maintain service continuity.
  • Recovery Time Objectives (RTO) & Recovery Point Objectives (RPO): We define and test clear recovery benchmarks to minimize data loss and downtime.
  • Routine Testing: Disaster recovery plans are regularly tested and updated to reflect evolving threats and infrastructure changes.

With these safeguards in place, findeREC is prepared to respond quickly and effectively to unexpected events—protecting the trust of our users and the integrity of their emergency contact information.

How to Keep findeREC Account Secure

Your privacy and safety matter—and you play a key role in protecting your emergency contact information. Here's how to stay secure:

Smart Practices at Home or Work

  • Choose a strong password and never share it with anyone.
  • Keep your devices protected with up-to-date antivirus, anti-spyware, and firewall software.
  • Install operating system updates regularly (e.g., Windows, macOS) to patch security vulnerabilities.
  • Review your sharing settings to make sure your emergency contacts and authorized viewers are accurate and current.
  • Report suspicious activity immediately—especially if you think someone accessed your account or you receive a fake email pretending to be findeREC.

Safe Access While Traveling or Using Public Computers

  • Use trusted devices whenever possible. If you're at a library, café, or using a friend's computer, ask if it has current security software and a firewall.
  • Never leave your session unattended. If you step away, log out first.
  • Always log out when finished and close the browser window. For extra protection, clear the browser's cache.

By following these tips, you help ensure that your emergency contact information stays private, secure, and accessible only to those you trust.

Beware of Phishing Attempts

Phishing is a form of email fraud where scammers pose as trusted organizations—like banks, credit card companies, or even government agencies—to trick you into sharing personal information such as your username, password, or account details. These messages often look official and claim they need access to your account for security, verification, or urgent updates.

Important: findeREC will never ask you to share your password or login credentials—by email, phone, or any other method.

If you ever receive a message from someone claiming to be from findeREC and asking for access to your account or emergency contact information, do not respond. Instead, report it to us immediately so we can investigate and protect your account. Your security is our priority—and together, we can keep your information safe.