Data security & technology

OfficeMaps is available either self-hosted on your own servers, or, cloud hosted by us, OfficeMaps.  This document provides information for cloud hosted OfficeMaps.

OfficeMaps manages a secure and scalable technology stack that is continuously monitored and patched to stay ahead of digital threats. Below is a summary of our policies and practices as they relate to compliance, privacy, and security.

Data center security and certifications

OfficeMaps software is hosted in the AWS Cloud, powered by world leaders in data centre management and security, Amazon Web Services. AWS maintain stringent security and data protection of the cloud environment and has numerous certifications. This includes SOC 1, SOC 2 and SOC 3 as well as ISO 27001, ISO 27017 and ISO 27018 certifications.  Learn more at https://aws.amazon.com/compliance/

Data location

OfficeMaps software is hosted in the AWS Cloud on servers located in Australia, the USA and the United Kingdom. Your data will be stored in the country nominated in your subscription. Unless otherwise instructed the country nominated is determined by the currency of your subscription. Specifically, USD defaults to the USA, GBP defaults to the United Kingdom and AUD defaults to Australia.

Application security

Traffic between customers and OfficeMaps is protected with highly secure in-transit encryption using secure TLS protocols and ciphers, along with 2048-bit encryption keys.
OfficeMaps is also protected from Distributed Denial of Service (DDoS) attacks with a state-of-the-art managed protection service.

Data security and encryption

Customer data is encrypted in transit to ensure end-to-end protection with the latest standards and protocols.  Databases are hosted in the AWS Relational Database Service and are not accessible externally. All other data is encrypted at rest and protected from external access.
OfficeMaps developers and support staff do not have access to customer data.

Availability and continuity

OfficeMaps is architected with an auto-scaling, high availability approach.  Incoming traffic is automatically distributed across servers and additional servers start automatically as load dictates, providing consistent performance and high-availability. Critical operational data is backed up automatically, and backups are tested to ensure integrity and recoverability.

All development and testing are conducted in a replica development/test environment and then released to production following a managed process.  Releases typically require no or minimal downtime.

PCI Compliance

OfficeMaps uses an industry-leading third party to process credit card transactions for customers who wish to pay by credit card. OfficeMaps does not store or possess any cardholder data relative to these transactions; this data is transmitted directly and securely to our upstream payment processor, a PCI-DSS Level 1 Service Provider.

Privacy

OfficeMaps is committed to protecting the privacy of our customers’ personal information. Please see our Privacy Policy for more information.

Current sub-processors

If the DPA applies to you and you are a Data Controller, then our Current Sub-Processors are:

ActiveCampaign Inc
Amazon Web Services
Chargebee, Inc.
Pin Payments
Zoho Corporation Pvt. Ltd.
Zapier Inc.

‍

‍