
Compliance

The security of your Orgvue data is at the core of our business. It is built into Orgvue through the technical controls we apply throughout the software lifecycle, and it is inherent in the organizational processes and people who support you. Our information security certifications and endorsements not only demonstrate compliance with rigorous international standards, but also testify to the commitment to information security that underpins our organization. From their first day with Orgvue, all employees receive training in information security and data protection, which embeds good practice across the organization, for every role and function.

To safeguard confidentiality, your Orgvue data is encrypted with an encryption key dedicated to you, managed in FIPS 140-2 compliant hardware. You retain exclusive control over access to your data at all times; Orgvue has no access unless you authorize and engage us to.

Orgvue complies with applicable international data protection legislation. As a Data Processor under the GDPR, Orgvue meets its Article 28 obligation to provide sufficient guarantees that appropriate technical and organizational measures are implemented, evidenced notably through our ISO 27001:2013 and CSA STAR certifications.

Independent third-party reviews of Orgvue's Information Security Management System are completed annually as part of the ISO 27001 and CSA STAR certification schemes.

Orgvue has an established internal audit program to support compliance with its information security policies and program. The audit function maintains independence from the respective lines of business.

Orgvue is hosted on AWS. AWS's own compliance programs cover the underlying infrastructure, while controls within the Orgvue platform remain Orgvue's responsibility (the AWS shared responsibility model). Information on AWS security compliance standards is available at: https://aws.amazon.com/compliance/programs/

Get in touch: email us at infosec@orgvue.com with your queries

Sub-processors

Learn which sub-processors Orgvue engages to support delivery of the Orgvue platform.

SOC 2

A SOC 2 Type 2 report is a System and Organization Controls (SOC) audit of how effectively an organization operates controls aligned to the AICPA Trust Services Criteria. Unlike a Type 1 report, which assesses the design of controls at a single point in time, a Type 2 report assesses their operating effectiveness over a defined review period. Information security is central to these controls.

Orgvue's SOC 2 Type 2 report demonstrates, through rigorous independent audit, that Orgvue has selected and effectively operated controls aligned to the AICPA Trust Services Criteria. The report provides assurance that our service commitments and system requirements were achieved, based on the Trust Services Criteria for Security. It complements and builds on our existing ISO 27001, ISO 27018 and CSA STAR certifications, providing customers with additional assurance and validation of the security controls in place for the Orgvue platform. The security of our customers' data is paramount to the Orgvue platform, and completion of the SOC 2 Type 2 audit demonstrates our commitment to protecting it.

ISO 27001

ISO/IEC 27001 is an international standard for information security that adopts a best-practice framework for the protection of assets through the ISO/IEC 27002 control set. ISO 27001 requires an organization to implement an Information Security Management System (ISMS) that embeds information security throughout the organization's business processes, including governance, risk management, internal audit, human resources, asset management and technical controls. Orgvue is independently audited twice per year against this standard by the certification body BSI.

ISO 27018

ISO/IEC 27018 is a code of practice for the protection of personally identifiable information (PII) in public cloud environments acting as PII processors. It extends the ISO 27001 framework with additional controls specific to the protection of PII. ISO 27018 enables Orgvue to demonstrate to its existing and potential customers that their personal data is protected in line with international data protection legislation.

CSA STAR

CSA STAR (Cloud Security Alliance Security, Trust, Assurance and Risk) is an international assurance program for cloud service providers, built on ISO 27001 and assessed against the CSA Cloud Controls Matrix (CCM), a cybersecurity control framework for cloud computing. The CCM version Orgvue is assessed against comprises 133 controls across 16 domains covering all core aspects of cloud architecture. Orgvue has been subject to a rigorous independent assessment against the CCM controls and is independently audited annually for ongoing compliance by the certification body BSI.

FSQS (Financial Services Qualification System)

Orgvue is a qualified and compliant supplier within the Hellios FSQS framework. FSQS simplifies the process of submitting assurance and compliance data to the banks and insurance companies that use it, providing a more transparent route to demonstrating compliance on a standardized supplier information and risk management framework.

JOSCAR (Joint Supply Chain Accreditation Register)

Orgvue is a qualified and compliant supplier within the Hellios JOSCAR framework. JOSCAR simplifies the process of submitting assurance and compliance data to the aerospace, defense and security industry organizations that use it, providing a more transparent route to demonstrating compliance on a standardized supplier information and risk management framework.