Operative Security Policy

At Operative, security and privacy of your data is one of our key focus points. Data protection is a foundational building block in gaining and maintaining your trust.

Operative implement a robust security program spanning from secure system architecture through to training employees in security and privacy best practices. We believe in creating a culture of security awareness and understanding that security doesn’t have to be difficult.

Compliance and Standards

ISO 27001:2013 – Operative are compliant and certified to the ISO 27001:2013 global standard for information security management.

SOC 1 Type 2 – Operative.One is audited and complies with the AICPA standards for Controls at a Service Organization, audited annually.

SOC 2 Type 2 – Operative.One has recently added a SOC 2 audit report, audited annually.

SOC 2 Type 2 Managed Hosting Services – Operative’s Managed Hosting Service offering recently added a SOC 2 audit report, audited annually.

Data Center Security

Operative cloud-based services and platforms are hosted on Amazon Web Services (AWS). AWS datacenters meet security regulations and standards with industry-leading physical and environmental controls. Operative’s solutions benefit from a datacenter and network architecture built to meet the requirements of the most security-sensitive organizations. AWS are compliant with a wide range of standards, laws and regulations including CSA, various ISO standards, PCI, SOC reports, FedRAMP, and more. Additional information can be found in the link.

Network Security

Operative are committed to maintaining and improving the security of our environments. Maintaining secure network environments requires continuous attention. We regularly review the services and information accessible on our servers and their security requirements.

Security controls are implemented within networks using a strict access control policy. Access points into the network are blocked apart from those deemed essential or business critical.

Encrypted Data In Transit

All transmission of data over the internet is communicated via HTTPS. Our services support Transport Layer Security encryption, providing the necessary levels of confidentiality, integrity and non-repudiation.

Endpoint Security

Malware protection suites are installed and managed from a centralized location, including monitoring and logging of events.

Vulnerability Management

Operative perform various security tests and audits for the infrastructure and application. Tests include, amongst others:

  • Static code analysis
  • Dynamic code analysis
  • Network vulnerability assessment
  • Network penetration testing
  • Application vulnerability assessment
  • Penetration testing of multiple environments and solutions

Data Access

Access to data is controlled and provided to teams and members with specific business needs. Regular permission review is performed to prevent permission overlap, permission creep or conflict of interests.

Security and Privacy Awareness

Operative perform various activities to improve the awareness around security and privacy. Some of these include annual awareness training sessions for both security and privacy.

Cyber-attack Simulation

In order to improve and ready employees for cyber incidents, Operative perform various testing and internal simulations. The results are analyzed and studied to continuously improve the security program.

Business Continuity and Disaster Recovery

Operative maintain disaster recovery capabilities to minimize the impact of disruptions to our operations.

Privacy

Operative is committed to implementing and maintaining systems and policies to protect your privacy. Our full privacy policy, including how we handle and collect Personally Identifying Information (PII), can be found here: https://www.operative.com/privacypolicy/