Information Security

Information security is of supreme importance at OIP. We have established a culture of security, and work to provide exceptional standards of information security for our clients

ISO 27001 Certification

Here at OIP, we have always taken our data security seriously. Information security is a vital part of what we do every day and we do it well. Therefore, we are proud to have been awarded ISO 27001 certification – the highest attainable credibility ranking and internationally recognized standard for information security management. This is a testimony that our standards are both consistent and high, and that we strive to achieve the same when it comes to information security. Our goal is to build and maintain trust and credibility in our partnerships so that our clients feel confident in choosing our company to support them.

Data Protection and Compliance

Everyone's heard about this term, but not everyone knows about their responsibilities when it comes to keeping information safe and secure. Data protection and its key objectives - confidentiality, integrity, and availability of information are our main focus and we strive to maintain strong security procedures around all our business processes and data. We understand more deeply the responsibilities and expectations of all parties in the chain and we have a greater appreciation of our daily tasks as they relate to information security. As more and more laws and regulations regarding data protection and privacy continue to arise, having a framework which enables us to adhere to the various legal requirements within our industry in the most efficient way possible is not only important, it is essential. Latest important regulations carrying compliance challenges are NY Cybersecurity Regulation and General Data Protection Regulation (GDPR). Don’t worry, we’ve got you covered.

Business Continuity - for Business that Never Stops

Knowing your partner’s business continuity plan is essential, as their lack of business continuity compromises yours. OIP robust business continuity strategy is based on comprehensive Business Impact Analysis, fully developed Business Continuity and IT Disaster Recovery plans, regular BCP/DRP testing and multiple office locations. We are currently working towards ISO 22301 certification which we expect to be in place early 2019.

Secure Software Development

Technology is advancing and the software development security is becoming more complex, while the vast amount of threats is constantly pressuring companies. We ensure that all our software solutions are completely secure and information security is an integral part of our systems across the entire lifecycle. The systems we build are secure through such measures as continuous testing, authentication safeguards, and adherence to best programming practices.

What Does This Mean for OIP?

First and foremost, becoming certified helps us safeguard clients' valuable, sensitive, and confidential information assets. We feel that this achievement makes us stand out from the crowd and stimulates our growth while maintaining a strong client focus. While it supports our expansion into global market, it also increases prestige, protects the reputation, and improves our brand. Ultimately, being certified and having a dedicated team helps us maintain a culture of security, allowing us to be aware of its importance at all times. We view this achievement as a recognition of the level of professionalism that we are constantly driven towards.
View Certificate

What Does This Mean for our Clients?

ISO Certification will show our existing and potential clients that we take information security seriously and embed it in our daily operations. This way we strive to further enhance our client-oriented approach, making us a trustworthy partner for the long run. OIP being certified against ISO 27001 ensures that our partners have a piece of mind when we are dealing with their sensitive information and have confidence they need in our systems and processing facilities.

Now That We’re Certified, What’s Next?

ISO 27001 certification is a start, not an end. We will use the information security management system in place to monitor, measure, and improve our security processes and posture, ensuring that it is in a continually optimal state. Information security guidelines and standards will be our guide to become a better partner, now and in the future.

EMPLOYEE AWARENESS PROGRAM

We are constantly investing in our biggest asset - our employees. Therefore, continuous education is one of the most important practices we use, especially in the scary cybersphere. Our highly educated Infosec team organizes frequent information security training and educational programs, raising the awareness among the staff and helping people understand the importance of data security. That's why Your Data Is Safe With Us!

INFORMATION CLASSIFICATION

OIP is committed to the protection of all information and data regardless of the form it takes. Different types of information require different security measures, depending on their sensitivity. OIP’s information classification standards are designed to provide information owners with guidance on how to classify information assets properly and then use them accordingly. This standard applies to all OIP information, regardless of the data location or the type of device it resides on. It should consequently be used by all staff and other members of the company and third parties who interact with information held by and on behalf of the OIP.

IN THE OFFICE/AWAY FROM THE OFFICE

Clear Desk/Clear Screen Policy - Employees are required to ensure that all sensitive/confidential information in hardcopy or electronic form is secure in their work area at the end of the day, and if they expect to be gone for an extended period. Any Restricted or Sensitive information must be removed from the desk and locked in a drawer when the desk is unoccupied and at the end of the workday. Mobile and Teleworking - When our frequent business travelers take company equipment off the premises, we make sure the content is encrypted and they are fully aware of all steps for making any sensitive information safe and secure. Paperless Culture - We are not just preventing disclosure of sensitive information with unnecessary printing, but also considering the environment - “Think before you print”.

RISK ASSESSMENTS

Risk assessments are preventive strategic tools that can help businesses stay on top of adverse situations. Our journey of setting up security culture was based on recurring Risk Assessments. It is probably the most complex part and, at the same time, a heart of every information security project. Therefore, in order to do this perfectly right, our risk assessments are carried out in accordance with ISO 30010 standard and within the framework of risk management described in ISO 31000.

ACCEPTABLE USE OF ASSETS AND ACCESS CONTROL

Email Usage - OIP is applying a strict set of rules designed to enhance computer security and encourage employees to apply strong passwords. Access Control - All premises OIP is conducting business at have both physical security and personalized key cards that are allowing access to offices only to the authorized personnel. The use of keys to buildings, rooms, secure cabinets, safes is strictly controlled and recorded. Access to and knowledge of door lock codes is restricted to authorized personnel only and must not be shared with any unauthorized person.

BUSINESS IMPACT ANALYSIS

BIA is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, an accident or emergency. At OIP, we are not taking anything for granted and are systematically approaching this challenge. As a result of BIA, we have developed immediate and continuous recovery strategies and crafted our Business Continuity Plan.

MULTIPLE LOCATIONS

In the effort of maintaining continuous delivery of our services, we have processing centers at multiple locations, ensuring our clients will get the agreed service in a timely manner. In terms of business continuity, alternative locations are important and help us combat a wide range of disruptions, while maintaining our business up and running.

DISASTER RECOVERY PLAN

The principal objective of the disaster recovery program is to develop, test, and document a well-structured and easily understood plan which will help the company recover as quickly and effectively as possible from an unforeseen disaster or emergency which interrupts information systems and business operations. OIP constantly organizes DRP exercises and trains employees to be prepared for the “worst case scenario”.

SECURING THE DEVELOPMENT ENVIRONMENT

We believe that it's worth investing more heavily in creating a secure development environment. Therefore, we have established rules for the development of software and systems and applied them to all projects within the OIP. In a nutshell, “We want to do it properly, and do it once”.

SECURE ENGINEERING PRINCIPLES

These principles provide a foundation upon which a more structured approach to the design, development, and implementation of security capabilities can be constructed. Our Developers are carefully considering those principles and they are made a part of our Secure Development Policy.

RISK ASSESSMENT FOR THE DEVELOPMENT PROCESS

At OIP, every development project includes a risk assessment that allows managers to identify and measure the risks associated with resource constraints and then develop appropriate responses and identify necessary controls. Nowadays, the pallet of possible IT solutions is endless and decisions are becoming more sophisticated. Therefore, it is of utmost importance to identify, manage and mitigate risks in the early stages of the project.

We are proud members of