MENU

Security and Privacy

At Optima Compass Group, we are committed to maintaining the highest standards of security to protect our users’ data. Optima’s Security team establishes policies and controls and monitors compliance with those controls to ensure that your data is protected at all times. Our Security Policies are based on the foundational tenets of information security:  confidentiality, integrity and availability. Every element of our information security program has been designed to implement one or more of these principles. How we do it ? Data Protection Data at rest Customer data is protected at rest through a multi-layered security approach that includes encryption, access controls, and monitoring. All data in our Google Cloud Infrastructure is automatically encrypted at rest using strong encryption standards, such as AES-256. Data in transit All Google Cloud virtual networking traffic is encrypted by default using TLS.  Data that travels over the open internet is protected using several mechanisms, including HTTPS, SSL/TLS, SSH and VPN, all of which use encryption to protect data and credentials.  Moreover, server TLS keys and certificates are managed by Google Cloud and deployed via Application Load Balancers. Secret management We use Google Cloud Secret Manager, a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across our Google Cloud infrastructure. Product Security Penetration Testing We conduct penetration tests on a regular basis and whenever significant changes are made to our infrastructure or applications. Findings from these tests are used to enhance our security posture continuously. We also stay updated with the...