Your data security is important to us.

 

Origin processes confidential business information for enterprise companies. Our customers rely on us to protect their data and their systems.

 

As an ISO27001 certified organisation, we have developed a comprehensive set of practices and policies to ensure the security of your data.

 

Application Security

 

  • Origin’s web applications use encrypted communication
  • Origin’s API’s use industry standard authentication
  • Origin’s offers secure options for data exchange, these include SSH tunnels and SSL/TLS encryption.
  • Origin’s integrations use the minimum permissions that are required to access the data they require.

 

Environment

 

  • Origin’s servers are hosted in Amazon Web Services, which provides assurances for their physical and virtualized computing environments including SOC 1, 2, and 3, and ISO/IEC 27001.
  • Origin operates within an Amazon Virtual Private Cloud (VPC), with subnets segregated by security level, and firewalls configured to restrict network access.
  • Origin performs frequent pen testing and regular security updates.

 

 

Our Practices

 

  • All staff are trained in keeping data safe and mandates policies that protect data
  • We monitor application logs, system logs, data access logs for unusual behaviour and have alerts in place based on these monitors
  • All staff are background checked
  • Our extensive security policy documents our procedures for handling incidents, which includes notifying our customers in the event of a verified breach.
  • All passwords and access tokens are encrypted
  • All non-essential data is removed after 90 days

 

 

Shared Responsibility

 

While we continuously focus on doing our part to maintain high standards for security and complying with regulations, you also have a role to play in helping to ensure the security of your data. As a data connectivity tool, our customers connect to a number of organisations and other parties are responsible for their own data security.

 

Compliance and Regulations

 

ISO 27001

We are an independently audited and certified ISO 27001 organisation. This provides an industry wide understanding that a company adheres to trusted security principles.

 

For details of our ISO 27001 certification, please contact us.

 

GDPR

We comply with the European Union’s General Data Protection Regulation, which governs data protection and privacy for all individuals citizens of the European Union and the European Economic Area.

 

Incident Response

We have incident response policies and procedures to address service availability, integrity, security, privacy, and confidentiality issues. As part of our incident response procedures, we have trained our teams to:

 

  • Promptly respond to alerts of potential incidents
  • Determine the severity of the incident
  • Analyze and assess the extent of the incident
  • If necessary, execute mitigation and containment measures
  • Communicate with relevant internal and external stakeholders, including notifying affected customers so as to comply with relevant laws and regulations and meet contractual obligations around breach or incident notifications
  • Gather and preserve evidence for investigative efforts

Talk to us today

Get in touch

© Copyright 2024, Sandfield Associates Limited. All Rights Reserved. Privacy Policy