Last modified: May 10, 2023
1. Information Security Program
Omilia maintains a comprehensive, written information security program that contains administrative, technical, and physical safeguards that are appropriate to the size, scope and type of Omilia's business; the type of information that Omilia will store; and the need for security and confidentiality of such information.
Omilia's security program includes:
- Security awareness: Training on data privacy and information security obligations.
- Security personnel: A security organization responsible for developing and maintaining information security.
- Security policies: Policies designed to protect Customer Personal Data from unauthorized disclosure.
- Asset management: Asset classification, acceptable use, and information handling policies.
- Access control: Policies designed to ensure appropriate access to Customer Personal Data.
2. Network Security
Omilia maintains network security controls designed to protect the systems that process Customer Personal Data from network-based threats. These controls include:
- Network segmentation using firewalls and access control lists.
- Intrusion detection and/or prevention systems.
- Regular vulnerability scanning and remediation of identified findings.
- Encryption of Customer Personal Data in transit using TLS (version 1.2 or higher; see Section 4).
3. User Access Control
Omilia implements access controls that limit access to Customer Personal Data according to the need-to-know and least-privilege principles. Access controls include:
- Role-based access controls.
- Strong password requirements and multi-factor authentication.
- Regular reviews of user access.
- Prompt revocation of access upon employee termination or role change.
4. Data Encryption
Omilia encrypts Customer Personal Data both at rest and in transit. Data at rest is encrypted using AES-256 or an algorithm of equivalent strength. Data in transit is encrypted using TLS 1.2 or higher; earlier TLS and SSL versions are not used.
5. Business Continuity and Disaster Recovery
Omilia maintains a business continuity and disaster recovery program designed to maintain the availability of the OCP Services. The program includes:
- Regular backups of Customer Personal Data to geographically separate locations.
- Disaster recovery procedures to restore the OCP Services within defined recovery time objectives.
- Regular testing of disaster recovery procedures.
6. Incident Response
Omilia maintains an incident response plan that enables prompt response to security incidents. The plan includes:
- Procedures for detecting, containing, and eradicating security incidents.
- Procedures for notifying affected Customers within 72 hours of becoming aware of a security incident.
- Procedures for documenting, investigating, and analyzing security incidents.
7. Third-Party Security
Omilia evaluates the security practices of third-party service providers who may have access to Customer Personal Data. Omilia requires such providers to implement appropriate security measures.
8. Certifications and Compliance
Omilia maintains the following certifications and compliance measures:
- ISO 27001 certification for Information Security Management System
- SOC 2 Type II attestation
- PCI DSS compliance
- Capabilities supporting HIPAA compliance
- GDPR compliance
9. Contact
For any questions regarding this Security Policy, please contact us at security@omilia.com.