Security and compliance

NIS2 Compliance and Cybersecurity Measures

Files.fm is an EU-based secure cloud storage, file sharing, and content-collaboration platform. We maintain cybersecurity and information security measures aligned with the Network and Information Security Directive, including governance, risk management, incident response, vulnerability handling, access control, data protection, and business continuity practices.

Files.fm follows documented security governance, risk management, incident response, and vulnerability handling practices. We are committed to NIS2-aligned compliance and continuous improvement.

NIS2 compliance focus areas

  • Information security framework: In place
  • Vulnerability disclosure: Published
  • Security contact: security@files.fm
  • Incident response: Documented
  • Risk management: Active
  • Business continuity: Maintained
  • Legal and privacy documentation: Available
  • Continuous improvement: Ongoing

1. NIS2 Compliance Overview

Files.fm maintains a cybersecurity and information security framework aligned with the objectives of the EU Network and Information Security Directive. Our security approach covers technical, organizational, and procedural controls designed to protect customer data, service availability, systems, networks, and business operations.

We regularly review and improve our security measures in line with evolving regulatory, operational, and threat requirements.

  • Information security governance and accountability
  • Cybersecurity risk management
  • Incident detection, response, and escalation
  • Vulnerability disclosure and coordinated handling
  • Access control and authentication safeguards
  • Infrastructure monitoring and logging
  • Backup, recovery, and business continuity procedures
  • Supplier and third-party risk awareness
  • Data protection and privacy controls

2. Information Security Framework

Files.fm follows documented cybersecurity and information security practices covering governance, risk assessment, technical controls, monitoring, incident handling, employee responsibilities, and service continuity. These measures are designed to support secure cloud storage, file transfer, content collaboration, and business document workflows.

  • Defined internal responsibilities for security and infrastructure operations
  • Risk-based approach to system, network, and data protection
  • Documented security policies and operational procedures
  • Regular review of infrastructure, access, and service configuration
  • Security monitoring, logging, and alerting across key systems
  • Backup and recovery planning for service continuity

3. Cybersecurity and Technical Measures

Files.fm applies layered technical security measures to protect its platform, infrastructure, and customer data.

  • Encrypted HTTPS/TLS access for user-facing services
  • Secure account authentication and access control mechanisms
  • Role-based and permission-based access management for business users
  • Controlled file sharing with private links, password protection, expiry options, and access restrictions where applicable
  • Infrastructure monitoring, SIEM, and log review
  • Server hardening and secure configuration practices
  • Malware and abuse prevention measures where applicable
  • Backup, recovery, and data retention controls
  • Security updates and vulnerability remediation processes
  • Audit and activity logging for relevant business and administrative actions

4. Security Policy Documentation

Files.fm maintains security-related documentation, policies, and procedures covering acceptable use, privacy, data protection, security responsibilities, incident handling, and service terms.

  • Terms and legal information: files.fm/terms
  • Privacy-related documentation is available through the terms and legal pages.
  • Security contact and vulnerability disclosure information is available via files.fm/security.txt.

5. Incident Response Procedures

Files.fm maintains incident response procedures for identifying, assessing, escalating, mitigating, and documenting cybersecurity incidents. These procedures are intended to support timely response to security events affecting systems, services, customer data, or business continuity.

  • Security event identification and triage
  • Internal escalation to responsible technical and management personnel
  • Impact assessment and containment
  • Remediation and recovery actions
  • Communication with affected parties when required
  • Documentation of incidents and follow-up improvements
  • Review of lessons learned after material incidents

6. Vulnerability Disclosure Policy

Files.fm supports responsible and coordinated vulnerability disclosure. Security researchers, customers, and partners may report suspected vulnerabilities or security weaknesses through the published security contact channels.

See files.fm/security.txt or email security@files.fm.

  • Reports are reviewed by the responsible technical team
  • Valid issues are prioritized based on severity and impact
  • Files.fm may request additional technical details to reproduce the issue
  • Remediation actions are tracked internally
  • Coordinated disclosure is expected to avoid harm to users, systems, or data

7. Vulnerability Reporting Mechanism

Security issues can be reported directly to: security@files.fm.

For general contact or non-sensitive inquiries, users may use the Files.fm contact form.

Report a security issue

Email: security@files.fm

Security policy: files.fm/security.txt

General contact: files.fm/contact

8. Security Contact Information

Files.fm provides clear public contact channels for security and compliance matters.

9. Data Protection, Privacy, and Legal Terms

Files.fm provides service terms, privacy information, and related legal documentation through the Files.fm terms page. These documents describe important user rights, service conditions, data handling principles, and related legal information.

10. Business Continuity and Service Resilience

Files.fm maintains operational practices intended to support service availability, data durability, backup, recovery, and infrastructure resilience. These practices are reviewed and improved as part of our ongoing security and compliance work.

  • Backup and recovery procedures
  • Infrastructure monitoring
  • Capacity and availability management
  • Operational incident handling
  • Change management and maintenance practices
  • Redundancy and resilience planning where appropriate

11. Continuous Improvement

Cybersecurity and NIS2 compliance are ongoing processes. Files.fm continuously reviews its security controls, technical architecture, operational procedures, and risk management practices to improve the protection of users, data, systems, and services.

This page is provided for general information about Files.fm cybersecurity and NIS2-aligned compliance practices. Specific contractual, legal, or regulatory obligations are addressed separately in agreements, policies, or compliance documentation for Business and Enterprise customers.