Customer data is stored in secure facilities, on secure servers, and within secure applications. Opendate office locations have no data centers or access to data centers. Opendate maintains appropriate security personnel for the facilities. Opendate office locations are restricted access facilities with appropriate door access. Badge access is required to enter and exit the building, with additional access required to secure areas. Cameras monitor the office locations. Additional restrictions include, but are not limited to, secure document handling, screen protection to mitigate shoulder surfing, and additional badge access. Rooms that store telecommunication and network equipment are kept locked, and alarmed.

Opendate has partnered with Amazon for infrastructure and cloud services. Opendate utilizes Amazons Web Services (AWS) for IaaS (Infrastructure as a Service).

To ensure compliance for our customers' data; Opendate offers different data physical storage locations. Data center locations are in North America and Europe.

Opendate has a security program and works with a third-party CISO.

Opendate utilizes various internal security tools to perform internal network vulnerability scans against all production environments. Additionally, external network scans are performed using open source tooling as a routine part of our third-party penetration tests.

In addition to our internal testing, Opendate engages a third-party security firm to perform vulnerability and penetration testing twice a year.

Opendate utilizes a security information and event management (SIEM tool). Opendate's Information Security Team reviews logs and alerts for performance and security considerations including logs relating to authentication, endpoint, web application, and more.

The Opendate Platform leverages logging capabilities and supporting systems to monitor for potential threats. Within the application, customers can review the logs and set up alerts to be emailed if certain activities occur, such as a failed login attempt or if a document has been downloaded or exported.

Opendate leverages a Web Application Firewall (WAF) to perform ingress filtering at the network boundary and prevents direct access to internal resources through the use of private, Virtual Private Clouds (VPCs). Additionally, solutions are used to provide Distributed Denial of Service (DDoS) protection for all applications running in the cloud environment.

Opendate has an established Incident Response Policy, standard and procedures which outlines actions, notification, and steps for remediation in the event of any type of incident beyond normal business operations. This plan is tested annually for security events.

Opendate uses TLS versions 1.2 and 1.3 with digital certificate identification. In addition Opendate platform utilizes HTTP Strict Transport Security (HSTS) for further protection.

All sensitive data in Opendate, such as credit card numbers and/or passwords, are stored encrypted with Advanced Encryption Standard (AES) 256-bit algorithm.

Through our SLA within contracts Opendate commits to a 99.5% uptime.

Opendate relies on multiple data centers to provide operational redundancy. We ensure reliability by distributing and replicating data across our multiple systems in case of failure at any single point.

The Opendate Platform includes high availability through our redundant infrastructure.

User access is governed by a membership into a Team, and then memberships into Venues, where content is stored and managed. Through our administration application, customers can self-administer usernames and passwords, and access levels.

Authentication features within the platform also include:
• Browser Validation
• IP Address Restrictions

The Opendate platform has a minimum standard of characters with no restrictions on special numbers or special characters.

Within the Opendate platform, role assignments can be utilized to gatekeep access to features and functionality. Every member of a team has a role, each with its own level of access to features. Based on the solution set for a team, you’ll have access to different roles.

Administrative Roles:
• The Team Owner role is only available at the team level.
• Org Admin roles are available at the organization-level but can perform some functions at the team level.

Non-administrative Roles:
• If your organization is not on the current solution-based licensing model, there are different non-administrative roles such as Editor, Viewer, etc.

Feature Specific Roles:
• In addition to the roles above, there are roles to provide access to specific features in a workspace. These roles would include Content managers, copy managers, task admins, and filing roles.

The Opendate platform administrative application contains logic that allows customers to manage users through security settings for authentication and a granular permission system for access to data.

Opendate recommends customers use Single Sign On and can integrate with a SCIM through the SAML 2.0 protocol.

Opendate also offers customers
• Configurable Password Settings
• IP Restrictions
• Browser Validation
• Multi Factor Authentication

The Opendate Platform signs outbound messages with DKIM, adheres to a hardfail SPF policy, and runs DMARC in reject mode. Data and attachments are never directly sent within Opendate Platform notifications. Opendate sends all notifications from a fixed set of dedicated IP addresses, and we strongly encourage customers to disable any types of message checking or filtering against messages originating from our platform.