Our Data Security Controls
Our data security controls include, but are not limited to, the following:
Information Asset Security
Securing information assets is integral to OMNIMax’s Information Security Management System. We implement and enforce this through processes such as:
- Implementing and enforcing a clear desk policy. We ensure that our workspaces are clear of all sensitive items when unattended (physical or digital).
- We use cloud-based services for the creation and storage of files rather than local storage.
Software access has been identified as a high-risk area and so to prevent unauthorised access, unauthorised sharing, or loss of passwords due to human error, OMNIMax has implemented the following access controls:
- Use of a password manager to generate random passwords to ensure we do not use passwords more than once and that passwords meet our password creation policies. Our password manager stores and distributes our passwords for us so there is no risk of forgetting or losing passwords.
- We use Two Factor Authentication where possible.
All web traffic is encrypted using SSL certificates and encryption at rest is applied to all sensitive information depending on the security classification.
To ensure you have the best protection and data security we recommend you use a browser that supports data encryption. Always keep your browsers up to date – this will ensure all data transferred is secure. Use this handy tool to make sure you’re up to date.
OMNIMax implements policies and controls to secure our critical infrastructure. These include but are not limited to:
- Installing anti-malware and anti-virus on all machines.
- Backing up all information to the cloud.
Human Resource Security
Information Security Awareness: we provide information security training to all OMNIMax employees and contractors.
OMNIMax has defined policies around the following information security incidents in accordance with ISO 27001:
- Ransomware attack
- Denial of service
- Data breach
OMNIMax recognises Financial Advice Providers’ license obligation, and our obligation as an outsource provider, to keep records for at least seven years.
Our software and your data are hosted through Microsoft Azure which holds substantial security certifications and physical security. Server-side encryption (SSE) is used to encrypt all Azure data.
Security & Loss Prevention
All data is backed up on a regular basis, web applications are hosted behind a firewall and all web traffic is encrypted using SSL certificates.
OMNIMax uses Azure products to secure OMNIMax against attacks. These protect against:
- All common web attacks
- Application vulnerabilities
- Malicious IP addresses and web bots
- HTTP Denial of Services attacks
We regularly back up all data to the cloud and we can recover data to a particular point in time.
If you have any questions about our data security practices, please get in touch by emailing us at firstname.lastname@example.org.