Protecting sensitive community data is one of FORWARD’s highest priorities. Government agencies, nonprofits, and community organizations rely on FORWARD Direct to manage programs involving personal, financial, and health-related information. This article answers common questions about how we keep that data secure and compliant.
What security and privacy standards does FORWARD comply with?
FORWARD adheres to industry-recognized compliance frameworks, including:
HIPAA – Protects the privacy and security of health information
SOC 2 Type II – Validates the effectiveness of our security, availability, and confidentiality controls
CCPA – Ensures transparency and protections for California residents’ personal data
These standards guide the way we design, maintain, and continuously monitor the FORWARD platform.
How does FORWARD keep my data secure?
We use a defense-in-depth approach that includes:
Encrypted data at rest and in transit
Strict access controls to ensure only authorized users can view or manage information
Continuous monitoring for suspicious activity
Audit logs that track key actions within the platform
Regular third-party assessments to verify that our controls are effective
These layers work together to protect against unauthorized access, breaches, and misuse.
What does HIPAA compliance mean for my program?
If your program handles health-related information, HIPAA compliance ensures:
Protected Health Information (PHI) stays confidential
Only authorized personnel can access health data
Administrative, technical, and physical safeguards are in place
Data is stored and transmitted securely
You can confidently use FORWARD for workflows involving participant health information.
What is SOC 2 Type II, and why does it matter?
SOC 2 Type II is an independent audit that evaluates whether a company’s security practices actually work over time—not just on paper.
FORWARD’s SOC 2 Type II report demonstrates:
Our security controls are clearly defined
They are followed consistently
They are tested by third-party auditors annually
This helps organizations trust that FORWARD’s systems are reliable, available, and designed to protect confidential information.
How does FORWARD support CCPA compliance?
FORWARD supports compliance with the California Consumer Privacy Act by:
Enabling transparency around what personal data is collected and how it’s used
Protecting data from unauthorized access
Supporting requests to access, correct, or delete personal data when applicable
Limiting data processing to program-related purposes only
CCPA protections apply to any California resident whose data is managed through your programs.
Who can access participant information within FORWARD Direct?
Access is role-based and controlled by your administrators. FORWARD ensures that:
Users only see the information needed to perform their job
Sensitive fields can be restricted to select roles
Permissions can be updated at any time
This helps prevent unauthorized access and supports clean, compliant program operations.
Does FORWARD share or sell participant data?
No.
FORWARD does not sell, rent, or share personal data for marketing or commercial purposes. Data is used only to support program delivery, reporting, and platform operations as defined in your agreements.
Where is my data stored?
All data is stored securely in U.S.-based, enterprise-grade cloud infrastructure. The environment includes advanced protections such as redundancy, encryption, and continuous monitoring.
Can participants request access or deletion of their data?
Yes.
FORWARD supports participant rights under CCPA and other applicable privacy laws. Your organization remains the system “data owner,” and you control how these requests are processed. FORWARD can assist with the technical steps needed to fulfill them.