Keeping our customers' data protected at all times is our highest priority
This page provides a high-level overview of Oscilar's security practices to protect our customers' data.
SOC2 Type 2
The American Institute of Certified Public Accountants (AICPA) and Service Organization Controls (SOC) reports give assurance over control environments as they relate to the storage, retrieval, processing, and transfer of data. The SOC 2 report is regularly refreshed and focuses on controls around security, availability, and confidentiality of customer data.
Request SOC2 Type 2 Certification
ISO 27001 Compliant
The International Organization for Standardization 27001 Standard (ISO 27001) provides a framework for Information Security Management Systems (ISMS) to support continued confidentiality, integrity, and availability of information. These certifications run for 3 years and have annual surveillance audits.
Request ISO 27001 Certification
Secure by design
Penetration tested
Oscilar employs a third-party security firm to perform security, vulnerability, and penetration testing for all our products. These tests are run at least annually, and findings are remediated according to their criticality and prioritization. Oscilar’s penetration and security assessment test summaries can be requested here.
Security practices
Data encryption
We encrypt your data in storage with the industry-standard AES-256 encryption algorithm, which uses a 256-bit key. All data in transit is encrypted using SSL/TLS. You can see our SSL Labs report here.
Network security
We use industry-standard secure protocols to encrypt data in transit in both our external and internal traffic. Our network is continuously monitored for malicious or abnormal activity, and all detected anomalies are thoroughly investigated.
API
We only allow data to be sent to the Oscilar API over SSL/TLS. Access to the API is restricted using an industry-standard 256-bit authorization key.
Secure authentication
We offer secure authentication for your Oscilar users. We support federated identity through sign-in with a Google account, as well as dedicated Oscilar accounts. All your accounts are backed by a dedicated and secure identity system that is independent of the rest of the Oscilar infrastructure and has limited access.
Application security
To protect against supply chain attacks, we continuously monitor the third-party software we use for vulnerabilities. We have an automated process for detecting vulnerabilities in our third-party dependencies and a comprehensive process for investigating and remediating them.
Internal access
Access to our internal systems is protected by multi-factor (or multi-step) authentication. We grant the minimum level of access required for an employee to fulfill their role. All our employees are required to take periodic security training.