Keeping our customers' data protected at all times is our highest priority

This page provides a high-level overview of Oscilar's security practices to protect our customers' data.

GDPR-Compliant

SOC2 Type 2

The American Institute of Certified Public Accountants (AICPA) and Service Organization Controls (SOC) reports give assurance over control environments as they relate to the storage, retrieval, processing, and transfer of data. The SOC 2 report is regularly refreshed and focuses on controls around security, availability, and confidentiality of customer data.

Request SOC2 Type 2 Certification

ISO 27001 Compliant

The International Organization for Standardization 27001 Standard (ISO 27001) provides a framework for Information Security Management Systems (ISMS) to support continued confidentiality, integrity, and availability of information. These certifications run for 3 years and have annual surveillance audits.

Request ISO 27001 Certification

Secure

Secure by design

Penetration tested

Oscilar employs a third-party security firm to perform security, vulnerability, and penetration testing for all our products. These tests are run at least annually, and findings are remediated according to their criticality and prioritization. Oscilar’s penetration and security assessment test summaries can be requested here.

Security practices

Data encryption

We encrypt your data in storage using the industry-standard AES-256 encryption algorithm with a 256-bit key. All data in transit is encrypted using SSL/TLS. You can see our SSLLabs report here.

Network security

We use industry-standard secure protocols to encrypt data in transit in both our external and internal traffic. Our network is continuously monitored for malicious or abnormal activity, and all detected anomalies are thoroughly investigated.

API

Data can be sent to the Oscilar API only over SSL/TLS. Access to the API is restricted using an industry-standard 256-bit authorization key.

Secure authentication

We offer secure authentication for your Oscilar users. We support federated identity through sign-in with a Google account, as well as dedicated Oscilar accounts. All your accounts are backed by a dedicated and secure identity system that is independent of the rest of the Oscilar infrastructure and has limited access.

Application security

To protect against supply chain attacks, we continuously monitor for vulnerabilities in the third-party software we use. We have an automated process for detecting vulnerabilities in our third-party dependencies and a comprehensive process for investigating and remediating them.

Internal access

Access to our internal systems is protected by multi-factor (or multi-step) authentication. We grant the minimum level of access required for an employee to fulfill their role. All our employees are required to take periodic security training.
