Security Overview

ISO 27001

Our security program is aligned with ISO 27001

 

GDPR Compliance

We have reviewed our security policies to make sure we are compliant with GDPR requirements. Our sub-processors having access to personal data are certified ISO 27001 and we hold Standard Contractual Clauses with them.

 

Security within the organization

Dedicated teams for application and operational security with the full support of upper management.

 

Vulnerability Management

Regular scans for vulnerabilities as done and reviewed. In addition, we have a private bug bounty program with HackerOne for continuous intrusion testing.

 

Data Protection

Data is always encrypted at rest using AES 256 and in transit using TLS 1.2. Database backups are performed at a high frequency, encrypted at rest.

 

Access Controls

Only a select few senior production support staff have access to customer data. MFA and VPN are required for access. Production data never leaves the production environment without being fully anonymized including feedback content, group names, company names etc.

 

Incident Response

Our Security Incident Response Team is well prepared to handle any incident. Our clients are notified within 48 hours in the event of a breach or compromise of Officevibe’s security program resulting in a real risk of significant harm to individuals.

 

Application Security

Single Sign-On options including SAML 2.0 are available. Passwords are hashed using PBKDF2 and are salted with unique salts. Logging and auditing are meticulous and monitored.

 

Employee Policies

All employees undergo a background check and have required security training and awareness. 

Share

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request