Secure Personnel
At OCTODET, the protection of our data, as well as that of our clients and customers, is a key priority.
Our resources are strictly restricted to vetted personnel who have been screened through our onboarding process.
Secure Development
At OCTODET, each development project, from On-Premises software to support services and up to our Digital Identity Cloud offerings, needs to abide by the highest principles of secure development lifecycle.
Each new product, tool, and service, as well as major changes to existing ones, should be properly subjected to the design review process to ensure that security requirements are fully ingrained within the development process.Our development teams undergo annual secure coding and scripting language training on the job for the roles concerned. We also adhere to OWASP Top 10 guidelines to ensure that our software development is the best in terms of Web application security.
Secure Testing
OCTODET performs multi-faceted testing, using penetration testing and vulnerability scanning on a regular basis for our production and internet facing systems:
New systems or services must not be deployed into production before thorough scanning to identify and mitigate potential vulnerabilities.
Internally, our security engineers perform penetration tests of new systems, products, and significant changes to the existing systems and services. This provides us with a complete, realistic view of the security of our environment.
Additionally, our development process includes static and dynamic application security testing, including the review of open source libraries for risk mitigation.
Cloud Security
Industry-leading security is achieved through full customer isolation with our state-of-the-art multi-tenant architecture. At OCTODET Cloud, using inherent physical and network security capabilities of cloud service providers ensures infrastructure, services, and the policy of physical access are well-maintained.
Our patented isolation approach ensures that each customer's environment is securely segregated within a dedicated trust zone, preventing any risk of accidental or malicious data commingling. Data encryption will be applied both at rest and in transit for robust protection against unauthorized access and potential breaches.
OCTODET recognizes unique keys for data encryption, making the data of the customers confidential and isolated. Monitoring on the platform is done with our expert security team in place.
Also, data protection in all customer environments is SOC 2 compliant. It strictly enforces the role-based access controls and the principle of least privilege. Periodic reviews are also carried out for the revocation of access that is no longer needed.
Compliance
OCTODET is committed to providing secure products and services to safely and easily manage billions of digital identities across the globe. Our external certifications provide independent assurance of OCTODET’s dedication to protecting our customers by regularly assessing and validating the protections and effective security practices OCTODET has in place.
SOC 2 Type 2
By undergoing the SOC 2 Type II audit by Prescient Assurance, the leader in security and compliance certifications for B2B and SaaS organizations, OCTODET has ensured its information security practices, policies, procedures, and operations fully comply with the stringent SOC 2 standards in respect to security.Prescient Assurance is a registered public accounting firm in the United States and Canada, specializing in risk management and assurance services, including but not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR. For anything else you would want to learn about in relation to our services, send us your mail to info@prescientassurance.com.
With an unqualified opinion, the SOC 2 Type II audit report provides assurance that OCTODET is doing its best to commit to the highest standards of security and compliance.
For customers and prospects, the audit report is available upon request with the completion of a request form to agree to our NDA terms.