Security Policy
OrgPlan’s entire package of services provides the safest possible service by taking responsibility for protecting your systems and data. The approach we take is recorded in the OrgPlan Information Security Policy. Our information security policy was drawn up in accordance with international standards.
OrgPlan and Data Storage
OrgPlan never stores any employee data when our software is used in the regular way. The customer’s data always stays with the customer. Therefore, the customer is responsible for the security of its data.
Exceptions
However, there are cases in which OrgPlan does receive customer data. Those cases include testing, completing, or correcting customer data files. OrgPlan guarantees:
Software Development
When developing and managing our software, we always use best practices, such as:
OrgPlan Software in the Cloud
The OrgPlan software is stored in the Public or Private Cloud, but it runs fully in memory on the local client (device) of the end user. In the case of a Public Cloud solution, our software is loaded from our software server over HTTPS (HyperText Transfer Protocol Secure). In the case of a Private Cloud solution, our software is loaded from the customer’s software server through a protocol for which the customer is responsible. In both cases OrgPlan checks whether the customer is entitled to use our software.
OrgPlan and Protection
Customer data is stored in (JSON) files that reside only on the customer’s devices. OrgPlan gives customers many options for building security measures around these files to comply with their security policies, e.g.:
The files themselves can be protected with differentiated passwords that limit access:
Passwords are always stored encrypted.
Managing security incidents
We ensure strict compliance with our security measures. Any deviations from these measures are detected, studied and classified. We record any infringements of security measures and additional security measures are introduced on the basis of incidents and their records.
Certification and testing
The quality, safety and privacy of our software and services are demonstrated by different audits. We test the OrgPlan infrastructure and software at least once a year for vulnerabilities and whenever any major functional or technical changes have been made. Furthermore, we conduct an internal penetration test for every new release, based on a test approach that is reviewed on a monthly basis.
OrgPlan Ltd., May 2018