
Key Security Offerings

  • SOC 2 Type II attestation (independent auditor report; SOC 2 is an attestation, not a certification)
  • Industry leading role-based security configuration
  • Data encryption at rest and in transit
  • Support for SAML-based SSO
  • Single-tenant customer database architecture


Availability and Continuity

  • Hosted on Amazon Web Services, currently operating out of the US, Ireland and Sydney regions, with the option to add other regions based on customer demand.
  • Physical data center security provided by AWS
  • Data backed up daily
  • External penetration testing



GDPR

PII and GDPR

  • Data Protection Officer: Phil Schrader (privacy@onemodel.co)
  • Adheres to the Data Processor requirements of the GDPR
  • All One Model employees participate in annual information security training
  • OM will never process data in a fashion not requested or configured by the Customer


One Model is built with Privacy by Design

  • Only the data provided/permitted by the customer is transferred to OM
  • Application-level role-based security provides manageable access to data
  • OM staff only have access to data where required to support the customer
  • All data is encrypted in transit and at rest


Consent

  • OM does not collect data directly from the employee; it consumes/processes data from the customer's HR systems.
  • Consent is handled by the Customer
  • OM will never process data in a fashion not requested or configured by the Customer


Right to Access

  • Multiple options exist for providing access:

       ○ Give the employee a user account in OM whose role is scoped to their own data, so they can only see records about themselves.

       ○ Dashboards/reports aimed at presenting an individual's information can be created and distributed to the employee on request.


Data Portability

  • Not applicable to the OM application itself, but OM can facilitate the export/transfer of an employee's data using the options described under Right to Access.


Right to be forgotten

  • Primarily handled through the source system. OM is synchronized with the source, so removal from the source system will remove the person from OM on the next synchronization.
  • If a data source is being held statically (not re-synchronized), these persons can be removed via the data models so they are no longer processed, or removed from the data store via an SQL query. OM will facilitate this process where the customer does not have the resources to complete it.