o9 SOC-2 Attestation

o9 Solutions has been attested by an independent third party to conform to SSAE 16 / SOC-2 controls.


Physical Security

Our servers are located within AWS enterprise-grade hosting facilities. Access is restricted to authorized staff by a combination of biometric systems and 24/7 onsite security guards, and is continually audited to meet SOC 2 Type II standards.

 

Firewalls & Network Security

External access to our servers is controlled by multiple layers of firewalls, intrusion protection systems and routers, which are configured and monitored according to industry best practice. Our own internal office networks are isolated from any customer data by design.

 

SSL

Our servers have SSL Certificates signed by DigiCert, so all data transferred between the users and the service is encrypted. The encryption is the same as that used for Internet banking.

 

User Access & Passwords

No one has access to your instance and data unless invited by you and with a level of user permission selected by you. You can remove any invited users whenever you want. Approved users must choose a strong password and automatic lockouts are enforced when incorrect passwords are repeatedly entered. We don’t allow the browser to save your login, which eliminates access from a stolen or compromised computer. If you leave your computer unattended for an extended period, you will be automatically logged out.

 

Third Party Vulnerability Testing

We perform regular web application vulnerability and penetration testing and automated server port security scanning using Qualys Enterprise scanners.

 

Third Party Access

Transfer of data to any third parties can only occur with your consent and to organizations that provide adequate data protection.

 

Data Protection & Backup

Our service has been designed for high user availability, with redundancy built into our hosting infrastructure, including redundant power, network, database and web servers. Our service availability performance stands at over 99% since launching the service in 2014. All customer data is backed up daily, and backups are kept for 30 days, or longer if required.