OrgChart Security

We take security seriously. This section provides details on our information security policies and procedures.

  • Application Security – OrgChart Now has a robust security overlay to ensure proper access control within the OrgChart Now application.
  • Security Overview – Details on OrgChart Now Security.
  • Background Check Policy – Background checks are required for all employees who have access to customer data.
  • Privacy Policy – OrgChart Now Privacy Policy
  • Incident Management – Incident Management Procedure
  • Incident History – Logs of incidents (Started January 1, 2016).
  • Information Security Training – Required training for all IT and Support Staff
  • Development Methodology – Our software development methodology incorporates security as one of the guiding principles
  • Patch Management Process – Timely patching of our systems is critical to maintaining the operational availability, confidentiality and integrity of information assets.
  • Change Management Process – The process used for managing the implementation of changes to infrastructure, including hardware, software, services or related documentation.
  • Network Diagram – Our hosting partners use industry “best practice” methods to make sure our network and servers are secure.
  • Management Review – Our management team is tasked with periodically reviewing all security policies and procedures to ensure the information security program remains viable.

FAQs

Q: Where is my data stored?
A: We have certified hosting providers in the United States, United Kingdom, Australia and South Africa. Contact us at support@orgcharthosting.co.za if you have questions or concerns about where your data is hosted.

Q: Do you perform penetration testing?
A: Penetration tests are performed on a bi-annual basis. Please contact us at support@orgcharthosting.co.za for more details on penetration testing.

Q: Do you perform vulnerability scanning?
A: Vulnerability tests are performed on a bi-annual basis. Please contact us at support@orgcharthosting.co.za for more details on vulnerability scanning.

Q: What other security testing do you do?
A: Static code analysis is performed on a bi-annual basis. Static code analysis proactively looks for security flaws in application source code (such as those defined by OWASP – https://www.owasp.org).

Q: Is security scanning and testing done in house or by a third party?
A: We use a third party. We have partnered with ADP (http://www.adp.com/) to perform the following security testing: pen testing, vulnerability scanning and static code analysis.

Q: Do you monitor your systems to detect system failures and potential information security threats?
A: Yes. We use RackSpace Monitoring (https://support.rackspace.com/how-to/rackspace-monitoring/) to ensure we find problems before you do. We monitor system parameters including Available Disk Space, CPU Usage, Memory and Network Response Time. We also monitor for potential security threats including excessive login attempts, denial of service attacks and unauthenticated page requests.

Q: How are passwords managed?
A: Learn more by clicking Password Management.