Date Effective: 7 May 2020
OfficeMaps is available either self-hosted on your own servers, or, cloud hosted by us, OfficeMaps. This document provides information for cloud hosted OfficeMaps.
OfficeMaps manages a secure and scalable technology stack that is continuously monitored and patched to stay ahead of digital threats. Below is a summary of our policies and practices as they relate to compliance, privacy, and security.
OfficeMaps software is hosted in the AWS Cloud, powered by world leaders in data centre management and security, Amazon Web Services. AWS maintain stringent security and data protection of the cloud environment and has numerous certifications. This includes SOC 1, SOC 2 and SOC 3 as well as ISO 27001, ISO 27017 and ISO 27018 certifications. Learn more at https://aws.amazon.com/compliance/
OfficeMaps software is hosted in the AWS Cloud on servers located in Australia, the USA and the United Kingdom. Your data will be stored in the country nominated in your subscription. Unless otherwise instructed the country nominated is determined by the currency of your subscription. Specifically, USD defaults to the USA, GBP defaults to the United Kingdom and AUD defaults to Australia.
Traffic between customers and OfficeMaps is protected with highly secure in-transit encryption using secure TLS protocols and ciphers, along with 2048-bit encryption keys.
OfficeMaps is also protected from Distributed Denial of Service (DDoS) attacks with a state-of-the-art managed protection service.
Customer data is encrypted in transit to ensure end-to-end protection with the latest standards and protocols. Databases are hosted in the AWS Relational Database Service and are not accessible externally. All other data is encrypted at rest and protected from external access.
OfficeMaps developers and support staff do not have access to customer data.
OfficeMaps is architected with an auto-scaling, high availability approach. Incoming traffic is automatically distributed across servers and additional servers start automatically as load dictates, providing consistent performance and high-availability. Critical operational data is backed up automatically, and backups are tested to ensure integrity and recoverability.
All development and testing are conducted in a replica development/test environment and then released to production following a managed process. Releases typically require no or minimal downtime.
OfficeMaps uses an industry-leading third party to process credit card transactions for customers who wish to pay by credit card. OfficeMaps does not store or possess any cardholder data relative to these transactions; this data is transmitted directly and securely to our upstream payment processor, a PCI-DSS Level 1 Service Provider.
If the DPA applies to you and you are a Data Controller, then our Current Sub-Processors are:
Amazon Web Services
Zoho Corporation Pvt. Ltd.