Officient manages all user data via Amazon Web Services (AWS). All data is automatically backed up and stored redundantly. Thanks to our server and network infrastructure, Officient remains accessible even when hardware problems occur. We guarantee an uptime of 99.9% to keep our services continuously up and running. All information about security measures taken by AWS can be found here.
Encryption is primarily used in the financial sector, but is also set up for all Officient accounts. This encryption is used for all external and internal connections and guarantees that sensitive information can never be sent or received as readable text. Thanks to these advanced security measures, the data of Officient customers remains protected at all times.
Data Security & Privacy
Data privacy is essential for Officient. That is why all data is stored within the borders of the European Union. The data centers of AWS are distributed all over the world, but the data in Officient (including backups) is stored only in data centers in Ireland and Germany. AWS is fully compliant with the European Data Security Regulations (GDPR). Read more here about which data Officient stores.
Officient is available on any device, worldwide. For security reasons, Internet Explorer 11 and earlier versions are not supported; IE Edge, however, is supported. Health checks and simple pings of the components are used to check if the functions are operational. Officient has a dedicated page where the status of our system can always be checked.
The Officient development team has implemented a structured release process:
- Integration and automatic end-to-end testing in CI ensures that updates do not break any use cases required by users.
- Changes are communicated to the customer success team in a timely manner.
- Test environments can freely be created upon request.
- Changes are communicated to end users in-app.
- There is no beta environment that contains newer features. Experimental features are released by feature flagging.
Responsible Disclosure Policy
At Officient, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.
If you discover a security vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. Please check out our Responsible Disclosure Policy for more information.
Identity and Access Management (IAM)
Officient uses Auth0 as a service provider for authentication, and offers the following Single Sign-On (SSO) capabilities:
- Authentication is possible via Office365, Azure AD, Gmail and other e-mail providers.
- Additional security measures such as PIN codes and fingerprint authentication are set up after activating the Self Service.
For HR staff
- Authentication is possible via Office365, Azure AD and Gmail.
- Multi-Factor Authentication can be enabled.
- Authentication by Okta can be provided on request.
Officient has a simple, open and documented REST/JSON API. All information you need to connect to the API can be found here.
It is possible to use Webhooks with Officient.
Zapier integrations are also available to easily and quickly exchange data with other tools.
Officient meets the following integration requirements.
- The platform has a well-documented API, with a simple and clear data model.
- The platform has an API that allows CRUD operations on almost all data entities.
- The platform has an API that only allows communication via encrypted communication channels (SSL/TLS).
- The platform has an API protected by security measures optimized for machine-to-machine communication (e.g. API key, basic authentication, OAuth client credential flow...).
- The platform has the means to notify external systems of changes that occur on internal data entities (e.g. training added) via standard protocols.
- The platform has the possibility to resend communication in case it could not reach the external system.