Security fit for enterprise teams
We know that protecting your data from costly breaches and keeping up with compliance is critical to your company’s success. OfficeSpace provides robust security and industry-standard compliance solutions to mitigate risk so you can get back to business.
Feel confident when you connect your tools with OfficeSpace. Visit our Trust Center for details on audits and our certifications and our Vulnerability Disclosure Policy for guidelines on reporting vulnerabilities
- Highest-level security for networks, data, & employees
- Industry-standard compliance solutions
- Rigorous data privacy for our business and yours
- Enhanced AI that doesn’t sacrifice security
SECURITY
Encrypted, tested, controlled
Our multi-layered approach to security safeguards against rising cyber threats through employee training, technology processes, and best practices.
Employee access levels: Employees are granted access based on their role and training, with unique access identifiers for accountability. Access is revoked upon termination.
Authentication: Employees use password managers, strong passphrases, and two-factor authentication to access sensitive production data systems.
At rest and in transit: Our data is encrypted both in transit via HTTPS/TLS 1.2 or newer, and at rest with AES256.
Penetration testing: Regular testing is performed by third-party security providers to identify potential security or privacy concerns.
DevSecOps: Integration of security practices such as DAST and SAST into every aspect of our application and infrastructure deployments.
Monitoring: Proactive monitoring of networks, servers, and applications for malware and vulnerabilities, including nightly scans and endpoint virus and malware protection.
Review and evaluation: Our security team reviews vulnerabilities, categorizes threats, and prioritizes patches.
Network security: Use of Single Sign-On (SSO), Multi-Factor Authentication (MFA), Host Intrusion Detection, virus and malware protection, local firewalls, and network-level firewalls and Access Control Lists.
Company infrastructure protection: Applications and services run with monitoring tools to detect suspicious activity. Our infrastructure is hosted by SSAE 16/18 and ISO 27001-compliant providers.
Security and privacy training: All employees undergo initial and ongoing security training to ensure understanding and compliance with security practices.
Risk and assessment testing: OfficeSpace tests the effect of patches before deployment. Emergency patches may be deployed within 24 hours.
Audit, assessment, and verification: Verification of patch installation and collaboration with technology teams to confirm no adverse effects.
PRIVACY
Enhanced data privacy
Our systems implement rigorous measures to protect personal and sensitive data, adhering to both U.S. and international privacy laws and standards for the highest levels of confidentiality and integrity.
Legal compliance: Collaboration with legal professionals to ensure policies comply with legal and regulatory requirements.
Data privacy: Our systems implement rigorous privacy by-design measures to protect personal and confidential data, adhering to both U.S. and international privacy laws and standards, ensuring the highest levels of confidentiality and integrity.
Security and compliance assessments: Internal assessments to assess security and compliance of our internal practices. SOC2 compliance audit report maintained.
Data requests: Establishment of Data Processing Agreements (DPA) with Data Controllers and Sub-processors to protect Data Subjects' rights.
Third-party suppliers: Assessment and ongoing evaluation of third-party suppliers to ensure a strong security posture.
“Creating trust with our users is the objective. Maintaining that trust is a daily recurrence.”
Jorge M. Diaz, Head of Infosec at OfficeSpace
With over two decades of dedicated experience in Information Security and Privacy, including establishing the Information Security Office at LifeWorks and leading the Cloud Cyber Security team at Morneau Shepell (now Telus Health), Jorge M. Diaz (JD) is a deeply technical and strategic leader at the forefront of digital defense.
A staunch advocate for individual privacy rights and personal data security, JD is committed to advancing the standards of information security and privacy in every endeavor. At OfficeSpace, JD leverages a wealth of expertise across global data privacy, risk management, cloud security, and corporate security, to ensure the highest level of data privacy and security at OfficeSpace.
COMPLIANCE
Industry-standard compliance
Protecting your data is critical to your business and ours, and we’re committed to keeping sensitive information under lock and key. That’s why we test and maintain security and compliance internally and for any third-party vendor, and work with legal professionals to ensure regulatory adherence.
Classifying and inventory data: Data is categorized based on sensitivity and access requirements. Access control ensures only necessary employees access certain data levels.
Protecting data: Our practices include data segregation, access control, auditing, and ongoing risk evaluation.
Data and media disposal: Data is stored according to regulatory requirements and retention schedules. Data can be returned or de-identified upon request.
Public trust profile and catalog: Detailed information on security and compliance is available upon acceptance of a Non-Disclosure Agreement (NDA).
AI
Secure, ethical AI
Our commitment to responsible AI development and new technology is woven into the fabric of our vision for the future. We recognize the sensitive nature of private data and prioritize responsible collection and use.
OfficeSpace adheres to stringent global data protection standards, ensuring compliance with regulations that safeguard user information.
Robust anonymization and encryption techniques mask individual identities, protecting user privacy.
OfficeSpace offers clients clear controls over their data and transparent documentation about its data handling practices, fostering informed consent and trust.
AI solutions are designed to support diverse work styles and individual preferences, ensuring that optimization never comes at the expense of fairness or inclusivity.
OfficeSpace is trusted by cybersecurity experts
