Omniex designs its processes and procedures related to the Omniex platform to meet its objectives. Those objectives are based on the service commitments that Omniex makes to user entities, the laws and regulations that govern the provision of the system, and the financial, operational, and compliance requirements that Omniex has established for the services.
Security commitments to user entities are documented and communicated in customer agreements, as well as in the description of the service offering provided online. The principal security commitments are standardized and include the following:
- Maintain administrative, physical, and technical safeguards for the security and confidentiality of customer data
- Maintain security procedures that are consistent with applicable industry standards
- Use logical access controls to safeguard the receipt, storage, and internal transfer of client data within system boundaries
- Not to disclose, make public, or authorize disclosure or publication of confidential information except as expressly agreed to in the confidentiality agreement or otherwise in writing by the disclosing party
- Protect against unauthorized or unlawful access or use or accidental loss or destruction of, or damage to, customer data
- Notify customers of new patches applied to production environments
- Maintain incident management policies and procedures, including establishing escalation procedures with customers
- Establish an incident response team to investigate and respond to security incidents
- Provide customers with access to technical support engineers for assistance in the proper installation and use of the software, and to help resolve software problems
- Upon receipt of a problem from a customer, Omniex will use reasonable efforts to correct or circumvent the problem
Omniex establishes operational requirements that support the achievement of the principal service commitments, relevant laws and regulations, and other system requirements. These requirements include, but are not limited to, the following:
- Use of account and password management processes
- Continuous monitoring of the production environment via network security controls designed to identify malicious traffic
- Antivirus software to guard corporate systems against trojans, worms, viruses, and other malware
- Periodic security and vulnerability assessments and remediation processes
- Use of encryption technologies to protect system user data at rest
- Transmission of users’ unique login credentials, as well as data in the resultant connection, via encrypted connections
- Regular reviews of security and performance metrics to help ensure commitments are met
- Change management procedures to support the required authorization, documentation, testing, and approval of system changes
- Mandatory background screening and security awareness training for employees