Privacy
Ensuring your data privacy across all parts of our business.
OPERATIVE TRUST CENTER
COMMITTED TO TRUST AND SECURITY
Delivering transparency about what Operative is doing to secure your assets, respond to security incidents, and protect your data.
Trust Is Our Top Value
Welcome to the Operative Trust Center. Below, you’ll find information about how Operative strives to earn the trust of our customers through our focus on security, compliance, privacy, and performance. With deep industry certifications, as well as full compliance to security protocols across Amazon Web Services and Google Cloud Platform, Operative delivers the industry’s most trusted Revenue Automation Platform.
Security
Building security into everything we do.
Compliance
Fully certified compliant in order to ensure data safety.
Security and Privacy Compliance
Operative maintains a comprehensive security and privacy program that coordinates people, processes, and technology to protect our products and customer data. Our program focuses on safeguarding the confidentiality, integrity, and availability of our services, and we implement a variety of controls to maintain these tenets.
Operative’s security, privacy and data protection program begin with strategic information security policies defined and supported by Operative’s Chief Information Security Officer, Chief Privacy Officer and Executive Management. We proactively manage and monitor security risks, promotes security through process maturity and effective system architecture.
Privacy
At Operative, we take your privacy rights very seriously, and take a global approach to privacy. Our privacy notice, linked below, explains how Operative collects, uses and discloses information we gather through our website and products. Please visit our privacy notice for more information about how we treat your personal information.
Privacy Certifications
Operative maintains an ISO 27701 certification based on its effective data privacy management program with respect to its processing of personally identifiable information.
Exercising your Privacy Rights
Under applicable data protection laws, you may have certain rights relating to your personal data. Please see our privacy notice for more information about these rights. To exercise these rights please complete the form available here.
Subprocessors
Operative engages third-party service providers (subprocessors) in connection with our service offerings. To learn more about Operative’s subprocessors please see our subprocessor list available here.
Compliance and Certifications
Operative has established organizational and technical controls to ensure that we adhere to our compliance and customer commitments. These include strict international standards and regulations in order to keep your data safe.
ISO 27001:2013
Information Security Management System
ISO 27017:2015
Code of practice for information security controls based on ISO/IEC 27002 for cloud services.
ISO 27701:2019
Privacy Information Management
SOC
SOC 1 Type 2
SOC 2 Type 2
Data Protection
Operative’s cyber security is focused on continuously improving alignment and support of business operations while ensuring that our customers’ data is safe and secure. Operative’s security and privacy program includes a combination of data protection technologies, practices, and safeguards. Our team continues to strengthen fundamental mechanisms and processes so customers can rely on Operative’s products with confidence.
All data in Operative’s SaaS products is encrypted in transit and at rest using industry standard key lengths and algorithms. Transport encryption is secured with TLS 1.2, and for data at rest including backups, AES 256 is in place.
Access rights and permissions are carefully provided on a least privileged basis. Employees with access to Operative environments holding customer data are required to use SSO (single-sign on) and multi-factor authentication. In addition, Operative implements automated provisioning processes to promptly revoke access when an employee leaves the company. Access rights are regularly reviewed by Operative’s security team.
Operative maintains a multilayered network and endpoint solutions to centrally monitor, detect, alert and actively protect company and customer assets.
Operative monitors infrastructure 24x7x365 and maintains a proactive threat hunting and rapid reaction posture to address security incidents. Networks and environments are continuously monitored to alert the security team and respond to cyber security incidents.
Developing Secure Platforms
Operative contemplates and implements security within the design of its products at multiple levels to prioritize security and privacy principles and measures Specifically, Operative’s development process includes software composition analysis, static code analysis, dynamic code analysis vulnerability assessment, and penetration testing.
Operative implements processes to address data protection at the earliest stages of the development lifecycle.
Identifying security issues from the early stages of development is a key piece of the development lifecycle. Open-source risk including software against license violations, vulnerabilities, and supply chain threats are reviewed as part of the process.
Operative performs both dynamic and static code analysis to identify and remediate security vulnerabilities in the code.
Operative’s security team leverages a variety of tools to scan our networks and applications for vulnerabilities on a continuous basis.
On multiple occasions during the calendar year, Operative engages with reputable third-party vendors to perform penetration tests on our software. Findings are reviewed remediation processes are initiated to fix the identified issues.
Service Availability
Our SaaS services are developed and deployed in a reliable manner leveraging cloud hosting platforms. Multiple Availability Zones and geographically separated environments are used to support Operative’s SaaS environments to provide redundancy to Operative platforms, and we continuously monitor performance metrics for all of the infrastructure components.
Operative works with AWS and GCP, market leaders in public cloud services. Our cloud services providers implement industry standard physical and environmental security measures, reinforcing infrastructure resiliency built for scale.
Operative maintains internal processes to address backup, restoration, and non-availability scenarios. Our cloud services allow us to operate in multiple data centers that are geographically separated to minimize and prevent negative impact to our services.
Security and Privacy Resources
DPA
Subprocessors
Privacy Policy
DSAR
Privacy Policy
To learn about our commitment to privacy protection please see our Privacy Policy available here.
