As Orgnostic handles sensitive HR data, our customers need to have the highest confidence in our security. Here’s how we ensure the security of customer data.
At Orgnostic, security is a top priority. We are constantly working on ensuring the highest level of security for our customers’ data through following industry standards.
We’ve obtained our SOC 2 Type 1 report earlier this year. This report proves the validity of our security controls. As part of our Security & Compliance efforts, we are now pursuing SOC 2 Type 2 attestation.
What is Orgnostic doing to ensure data security?
Here are some of the measures we’re taking to ensure the security of customer data:
Encryption by default — we encrypt your data, both at rest and in transit, using industry standard encryption. This means your data is protected from prying eyes both on storage and while you’re accessing it.
Secure network design and secure connectivity — we are using industry standard solutions to make sure our networks are secure and protected. We use a bleeding edge VPN solution to access our internal networks, enabling us to maintain a remote workforce without impact to security.
Continuous monitoring and logging — we maintain logs throughout our infrastructure, making sure we maintain audit trails for every action.
Vulnerability management including container scanning — we are scanning our infrastructure and applications to make sure we identify and remedy any vulnerabilities we encounter.
Supply chain security & dependency scanning — we carefully select technologies that we use to build our people analytics platform. We use dependency scanning to make sure that we use only safe solutions.
Vulnerability disclosure program — we are making it easy for security researchers to report any vulnerabilities to us by using security.txt.
Security awareness program — all our employees go through security awareness training.
Secure coding principles — we are using some of the go-to solutions for SAST. They help us identify security bugs before they can reach our production environment.
External penetration testing — we perform an annual penetration test of our platform to make sure our applications and network perimeter systems are secure.
Continuous security and compliance monitoring — we are using modern tools to monitor the security of our organization and make sure we are complying with our security policies.
GDPR — our EU-based DPO is making sure we have the principles of GDPR implemented in our everyday operations.
Standardizing our Security and Compliance — we are working on standardizing our security and compliance program by pursuing SOC 2 attestation. An independent third party SOC 2 evaluation has proven the validity and robustness of our security controls put in place to protect our customers’ data.
SOC 2 attestation: What are Type 1 and Type 2 reports?
SOC 2 defines criteria for evaluating how well a company manages customer data and ensuring a set of security controls are in place.
The SOC 2 Type 1 report evaluates design sufficiency of an organization’s administrative, technical and logical controls against the AICPA’s Trust Services Criteria, while the SOC 2 Type 2 report additionally shows that the controls are operating effectively over a period of time.
What is included in Orgnostic’s SOC 2 report?
Our SOC 2 Type 1 report describes the current systems and controls we’ve put in place to protect customer data at a certain point in time. It describes how well our controls are designed to protect our customers’ data.
Security is everyone’s responsibility. We are promoting security culture throughout our organization, making sure everyone understands that security and privacy are principles on which trust is built, both in and out of the organization.
Our next immediate goal is to prove the effective operation of our controls by undergoing a SOC 2 Type 2 attestation.
Requesting the report
If you are a current Orgnostic customer, or are interested in becoming one, you can ask us to send you our SOC 2 report — just email us at [email protected]