The implementation of new software can raise security concerns and questions.The security of your infrastructure, data and ensuring that nothing is exposed, especially when integrating our platform, is very important to us.
We deal with the topics of security and data protection on two levels:
Company level
- Security and privacy framework is structured around the control families defined in ISO/IEC 27001:2022.
- Fully aligned with the requirements of the General Data Protection Regulation (GDPR).
- Fully aligned with the requirements of the Swiss Federal Data Protection Act (revFADP).
- Operation of an internal Information Security Management System (ISMS) and a Governance, Risk, and Compliance (GRC) framework, designed to ensure that security risks are consistently identified, assessed, and managed.
- Independent security stakeholders carry out regular penetration testing, security audits, and checks.
OC platform level
- Communication between the end user and the OC View web interface takes place via the secure HTTPs protocol, which ensures encrypted and secure use of the OC platform.
- Communication between OC Collector and OC View takes place via the secure HTTPs protocol.
- Authentication between OC Collector and OC View takes place via encrypted RSA keys.
- OC Collector stores data in a local and encrypted SQLite database, which is sent to the OC View server via HTTPs.
- OC View stores data in a non-encrypted PostgreSQL database, credentials are encrypted.
- All credentials configured and stored in OC View are encrypted with AES.
If you have any questions or if anything is unclear, please contact our support team at support@octopus.cloud.