Security & IT overview (answers your IT team will ask)

A practical overview for IT and security reviewers: tenant isolation, access controls, 2FA policy, audit trails, and recommended customer policies for handling evidence packs.

[Figure: Fire Door App workspace overview for security and access reviews.]

Guide summary

The goal: clear answers for IT teams so rollouts don’t stall on uncertainty.

  • Separation: separate customer workspaces prevent customer data mixing.
  • Controls: roles + 2FA policy keep access appropriate to the job.
  • Auditability: door-level evidence trails and exports from the record.

Who this is for / when to use it

Use this for IT/security review, procurement, and rollout sign-off — especially when you need clear answers quickly.

  • IT/security teams: access control, tenant separation, auditability.
  • Ops leaders: define customer policies for exports and evidence packs.
  • Admins: configure roles + 2FA and document decisions.

Tenant isolation (high level)

Fire Door App keeps each customer in a separate workspace so data isn’t mixed between organisations.

  • Workspace separation: data is scoped to your organisation’s workspace.
  • Access by membership: users only see workspaces they belong to.
  • Least privilege mindset: roles control who can configure, export, or manage billing.

Access control + roles + 2FA

Access control is both a product feature and an organisational policy decision.

  • Roles: align roles to tasks (capture, review, billing, admin).
  • Workspace 2FA: define a policy and apply it consistently for internal users.
  • Client portal 2FA: encourage (or require) 2FA for portal users when enabled.
  • Account ownership: ensure at least two owner/admin accounts exist.

Related: Workspace setup checklist →

Offline + device policy (recommended)

Offline-friendly workflows help on site, but IT teams should treat field devices as part of the security boundary.

  • Device security: use disk encryption, lock screens, and MDM where appropriate.
  • Shared tablets: avoid shared logins; sign out and clear offline cache before handing devices over.
  • Evidence handling: store exported packs centrally with controlled access (not personal devices).

Audit trails (activity visibility)

Evidence packs are most defensible when the record shows identity, history, and outputs from the same dataset.

  • Door identity: stable IDs prevent “which door was this?” disputes.
  • Evidence continuity: photos and notes attached to the door record.
  • Outputs: PDFs/CSVs generated from the underlying record.

Related: Audit trail checklist →

Data handling basics (exports, retention expectations)

Your retention and sharing policies matter as much as the tool.

  • Exports: decide what gets exported, where it is stored, and who can access it.
  • Sharing: define whether you use portal access, PDFs, or both.
  • Retention: agree how long you retain outputs and evidence for your contracts.

Checklist: export handling policy

  • Storage location: where PDFs/CSVs are archived (and who owns the folder).
  • Access control: least-privilege access to exports (avoid “anyone with the link”).
  • Naming: define a naming convention (site/building/date/visit).
  • Retention: how long you keep exports after job completion.

Recommended customer policies

Policies that reduce risk and prevent avoidable access problems.

  1. Device hygiene: keep devices updated and locked; use MDM where appropriate.
  2. Leavers process: remove access when staff leave; avoid shared logins.
  3. Output storage: store exported packs centrally with controlled access.

Questions to answer for IT sign-off

  • Identity: who owns admin accounts, and what is the 2FA requirement?
  • Exports: who can export, and where are exports stored?
  • Client access: portal access vs PDFs, and who approves access changes?
  • Offboarding: how quickly do you remove access for leavers?

Common pitfalls (what slows IT approval)

Most security delays come from policy uncertainty, not technical blockers.

  • Assuming “the tool guarantees compliance”: Fire Door App supports evidence workflows; governance stays with your organisation.
  • Unclear retention rules: decide where exports live and who owns the archive.
  • Shared accounts: shared logins create audit and leavers-process problems; use named accounts + roles.
  • Over-sharing outputs: avoid forwarding PDF packs widely; use controlled access where appropriate.

Common questions

Quick answers for IT and security reviewers.

Do you support SSO (SAML/OIDC)?

SSO is not part of the standard setup described here. Most teams start with roles + 2FA; if SSO is a hard requirement, confirm it with us before rollout.

How is data separated between customers?

Fire Door App keeps each customer in a separate workspace so data is not mixed between organisations. Access is controlled by roles and account membership.

What about audit logs?

Fire Door App is designed around door-level history and audit-friendly evidence trails so teams can see what happened, when it happened, and what outputs were issued from the record.

Is this a compliance guarantee?

No. Fire Door App supports workflows and evidence retention. Your organisation remains responsible for competent-person decisions and compliance with legal and contractual obligations.

Next step

Share this page with your IT team.

Or contact us with your security questionnaire and we’ll confirm the current position and requirements.
