At Operative, the security and privacy of your data are among our key focus points. Data protection is a foundational building block in gaining and maintaining your trust.
Operative implement a robust security program spanning from secure system architecture through to training employees in security and privacy best practices. We believe in creating a culture of security awareness and understanding that security doesn’t have to be difficult.
ISO 27001:2013 – Operative are compliant and certified to the ISO 27001:2013 global standard for information security management.
SOC 1 Type 2 – Operative.One is audited and complies with the AICPA standards for Controls at a Service Organization, audited annually.
SOC 2 Type 2 – Operative.One has recently added a SOC 2 audit report, audited annually.
SOC 2 Type 2 Managed Hosting Services – Operative’s Managed Hosting Service offering recently added a SOC 2 audit report, audited annually.
Operative cloud-based services and platforms are hosted on Amazon Web Services (AWS). AWS datacenters meet security regulations and standards with industry-leading physical and environmental controls. Operative’s solutions benefit from a datacenter and network architecture built to meet the requirements of the most security-sensitive organizations. AWS are compliant with a wide range of standards, laws and regulations including CSA, various ISO standards, PCI, SOC reports, FedRAMP, and more. Additional information can be found in the link.
Operative are committed to maintaining and improving the security of our environments. Maintaining secure network environments requires continuous attention. We regularly review the services and information accessible on our servers and their security requirements.
Security controls are implemented within networks using a strict access control policy. Access points into the network are blocked apart from those deemed essential or business critical.
All data transmitted over the internet is sent via HTTPS. Our services support Transport Layer Security encryption, providing the necessary levels of confidentiality, integrity and non-repudiation.
Malware protection suites are installed and managed from a centralized location including monitoring and logging of events.
Operative perform various security tests and audits for the infrastructure and application. Tests include amongst others:
Access to data is controlled and provided only to teams and members with specific business needs. Regular permission reviews are performed to prevent permission overlap, permission creep or conflicts of interest.
Operative perform various activities to improve the awareness around security and privacy. Some of these include annual awareness training sessions for both security and privacy.
To prepare employees for cyber incidents, Operative perform various tests and internal simulations. The results are analyzed and studied to continuously improve the security program.
Operative maintain disaster recovery capabilities to minimize the impact of disruptions to our operations.