We take security seriously. This section provides details on our information security policies and procedures.
- Security Overview – Details on OrgChart Now Security.
- Incident Management – Incident Management Procedure.
- Incident History – Logs of incidents (started January 1, 2016).
- Information Security Training – Required training for all IT and Support Staff.
- Patch Management Process – Timely patching of our systems is critical to maintaining the operational availability, confidentiality and integrity of information assets.
- Change Management Process – Process that is used for managing implementation of change to infrastructure including hardware, software, services or related documentation.
- Development Methodology – Our software development methodology incorporates security as one of the guiding principles.
- Network Diagram – Our hosting partners use industry “best practice” methods to make sure our network and servers are secure.
- Management Review – Our management team is tasked with periodically reviewing all security policies and procedures to ensure the information security program remains viable.
Q: Where is my data stored?
A: We have certified hosting providers in the United States, United Kingdom, Australia and South Africa. Contact us at email@example.com if you have questions or concerns about where your data is hosted.
Q: Do you perform penetration testing?
A: Penetration tests are performed on a bi-annual basis. Please contact us at firstname.lastname@example.org for more details on penetration testing.
Q: Do you perform vulnerability scanning?
A: Vulnerability tests are performed on a bi-annual basis. Please contact us at email@example.com for more details on vulnerability scanning.
Q: What other security testing do you do?
A: Static code analysis is performed on a bi-annual basis. Static code analysis proactively looks for security flaws in application source code (such as those defined by OWASP – https://www.owasp.org).
Q: Is security scanning and testing done in house or by a third party?
A: We use a third party. We have partnered with ADP (http://www.adp.com/) to perform the following security testing: pen testing, vulnerability scanning and static code analysis.
Q: Do you monitor your systems to detect system failures and potential information security threats?
A: Yes. We use Rackspace Monitoring (https://support.rackspace.com/how-to/rackspace-monitoring/) to ensure we find problems before you do. We monitor system parameters including Available Disk Space, CPU Usage, Memory and Network Response Time. We also monitor for potential security threats including excessive login attempts, denial of service attacks and unauthenticated page requests.
Q: How are passwords managed?
A: Learn more by clicking Password Management.