SOC 2 Type II compliant
MCO (Fairwords) demonstrates the integrity of our security controls and procedures annually through a Service Organization Controls (SOC) 2 Type II audit.
Data Privacy & Guide Analytics
Guide statistics are captured, by default, anonymously without storing any user content. Guide is further designed to never capture any data marked as sensitive by applications, such as passwords and social security numbers.
Customers have the option of requesting Guide be set to non-anonymous mode, aka User Identity mode, to provide more specifically actionable context alongside the default training metrics. When capturing this additional context data, Guide automatically masks all sensitive numerical data and personal identifiers. This sensitive data is never stored as it serves no meaningful purpose in Guide notifications or analytics.
Data secure in transit and at rest
Fairwords customer data is always stored and transmitted encrypted.
Guide for Desktop uses AES 256-bit encryption and transmits over TLS 1.2
Messages sent to Fairwords via batch over SFTP
Email journaling supports Forced TLS
Data stored using AES 256-bit encryption
Web application access and messaging API uses HTTPS (TLS 1.2)
Application Authentication
Fairwords applies industry-standard secure password policies to user-defined passwords. These policies are enforced when a password is initially created and each time it is subsequently updated.
Microsoft Login (SSO)
Organizations may optionally use their Microsoft Entra ID tenant for SSO. Some organizations consider this easier to manage and keep consistent with enterprise security policies, including multi-factor authentication (MFA).
See Microsoft Login (SSO) for more information.