OCTOPUS upholds strict privacy and security standards in all of our information handling practices:
Our contracts include confidentiality provisions that prohibit us from disclosing the confidential information of our customers, except under certain narrowly defined circumstances, such as when legally required.
Every OCTOPUS employee must follow our code of conduct, sign confidentiality agreements, and follow our information security policies.
OCTOPUS regularly talks with our personnel about the importance of safeguarding our customers' confidential information.
OCTOPUS trains all new personnel on confidentiality, privacy, and information security.
OCTOPUS strongly encourages all of our customers to adopt industry-standard protocols to secure and protect their information, data, login credentials, networks, servers, and computers from security attacks.
OCTOPUS maintains a multitude of technical measures to protect our customers:
Features that protect customer data:
Connection to the OCTOPUS system is via Secure Sockets Layer/Transport Layer Security (SSL/TLS), ensuring a secure connection. Individual user sessions are uniquely identified and re-verified with every transaction.
Whenever a record or transaction is carried out, application logs record the creator, last updater, timestamps, and originating IP address.
Logical separation of customer data:
Hardware and software configurations and multitenant security controls separate customer data so that each customer can view only its own information and data. When connected to the system on the Cloud, the customer is not aware of anyone else using the system and cannot access anyone else's data.
The OCTOPUS system supports delegated authentication.
Network security measures:
Enterprise-Grade Web Application Firewall (WAF) - defends against OWASP Top 10 threats including: SQL injection, cross-site scripting, illegal resource access, and remote file inclusion
Advanced Bot Protection - distinguishes between "good" and "bad" bot traffic
Backdoor Protection - prevents backdoor install attempts and quarantines backdoors already installed, rendering them useless
Health Monitoring and One-click Two Factor Authentication - manages and controls multiple logins across several websites in a centralized manner
Granular Website Access Control - prevents access from unwanted visitors (e.g., countries, specific bots, URLs, IPs), while enabling uninterrupted access to legitimate visitors (customers, leading search engines, etc.)
APT Protection - protection from Advanced Persistent Threats that try to steal intellectual property and sabotage business-critical production environments
Redundancy and scalability:
Customer information can be backed up to local media sources in the customer's possession if required.
All customer data is stored in secure data centers and is replicated over secure links to a disaster recovery data center allowing us to rapidly restore the OCTOPUS system in the case of a catastrophic loss.
The OCTOPUS system is highly scalable and redundant, allowing for fluctuation in demand and expansion of users and integrated systems while greatly reducing the threat of long-term outages. Load-balanced networks, pools of application servers, and clustered databases are features of our design.
OCTOPUS software solutions include privacy and security settings for customer peace of mind:
Customers can assign their users to groups and designate access permissions for different categories of data.
Passwords are set to expire periodically and need to be changed to help maintain password security.
Administrator permission is required to approve any new mobile application user accounts within an organization.
At a customer's request, certain information can be encrypted in the database to further protect it from misuse.
OCTOPUS has been certified for these ISO standards:
ISO 9001 Quality Management - OCTOPUS has implemented quality management system requirements in our facilities, people, training, services, and equipment that meet the needs of customers and simultaneously meet statutory and regulatory requirements.
ISO 27001 Information Security - Our Information Security Management System helps us identify and reduce risks and ensures that our security controls are fine-tuned to stay ahead of changes to security threats and vulnerabilities.
ISO 90003 Software Engineering - OCTOPUS software and services comply with rigorous quality management standards in order to best meet our customers' needs.
ISO 20000-1 Information Technology Service Management System - OCTOPUS has demonstrated that we are capable of meeting our customers' demanding service requirements and has shown that our personnel support our services and are dedicated to our service management system.