Our security program is aligned with ISO 27001
We have reviewed our security policies to make sure we are compliant with GDPR requirements. Our sub-processors having access to personal data are certified ISO 27001 and we hold Standard Contractual Clauses with them.
Security within the organization
Dedicated teams for application and operational security with the full support of upper management.
Regular scans for vulnerabilities as done and reviewed. In addition, we have a private bug bounty program with HackerOne for continuous intrusion testing.
Data is always encrypted at rest using AES 256 and in transit using TLS 1.2. Database backups are performed at a high frequency, encrypted at rest.
Only a select few senior production support staff have access to customer data. MFA and VPN are required for access. Production data never leaves the production environment without being fully anonymized including feedback content, group names, company names etc.
Our Security Incident Response Team is well prepared to handle any incident. Our clients are notified within 48 hours in the event of a breach or compromise of Officevibe’s security program resulting in a real risk of significant harm to individuals.
Single Sign-On options including SAML 2.0 are available. Passwords are hashed using PBKDF2 and are salted with unique salts. Logging and auditing are meticulous and monitored.
All employees undergo a background check and have required security training and awareness.