Security Policy

OCTOPUS SECURITY PRACTICES

Our contracts include confidentiality provisions that prohibit us from disclosing the confidential information of our customers, except under certain narrowly defined circumstances, such as when legally required.
Every OCTOPUS employee must follow our code of conduct, sign confidentiality agreements, and follow our information security policies.
OCTOPUS regularly talks with our personnel about the importance of safeguarding our customers’ confidential information.
OCTOPUS trains all new personnel on confidentiality, privacy, and information security.
OCTOPUS strongly encourages all of our customers to adopt industry-standard protocol to secure and protect their information, data, login credentials, networks, servers, and computers from security attacks.

Connection to the OCTOPUS system is via secure socket layer/transport layer security (SSL/TLS), ensuring a secure connection. Individual user sessions are uniquely identified and re-verified with every transaction.
Whenever a record or transaction is carried out, application logs record the creator, last updater, timestamps, and originating IP address.

Hardware and software configurations and multitenant security controls separate customer data so that each customer can view only its own information and data. When connected to the system on the Cloud, the customer is not aware of anyone else using the system and cannot access anyone else’s data.
The OCTOPUS system supports delegated authentication.

Enterprise-Grade Web Application Firewall (WAF) – defends against OWASP Top 10 threats including: SQL injection, cross-site scripting, illegal resource access, and remote file inclusion
Advanced Bot Protection – distinguishes between “good” and “bad” bot traffic
Backdoor Protection – prevent backdoor install attempts and to quarantine backdoors already installed, rendering them useless
Health Monitoring and One-click Two Factor Authentication – manage and control multiple logins across several websites in a centralized manner
Granular Website Access Control – prevent access from unwanted visitors (e.g., countries, specific bots, URLs, IPs), while enabling uninterrupted access to legitimate visitors (customers, leading search engines, etc.)
APT Protection – protection from Advanced Persistent Threats that try to steal intellectual property and sabotage business-critical production environments

Customer information can be backed up to local media sources in the customer’s possession if required.
All customer data is stored in secure data centers and is replicated over secure links to a disaster recovery data center allowing us to rapidly restore the OCTOPUS system in the case of a catastrophic loss.
The OCTOPUS system is highly scalable and redundant, allowing for fluctuation in demand and expansion of users and integrated systems while greatly reducing the threat of long-term outages. Load-balanced networks, pools of application servers, and clustered databases are features of our design.

Customers can assign their users to groups and designate access permissions for different categories of data.
Passwords are set to expire periodically and need to be changed to help maintain password security.
Administrator permission is required to approve any new mobile application user accounts within an organization.
According to customer requests, certain information can be encrypted in the database to further protect it from misuse.