What are your technology capabilities?
OPENonline possesses uniquely strong technology capabilities allowing us to bring significant automation to your program. OPENonline has developed and maintains a number of proprietary information and interfaces to government agencies and third party information providers that support our background screening services.
What steps does OPENonline take for security and data integrity?
OPENonline utilizes a data center that is SAS 70/SSAE 16 Type II audited and HIPAA/ PCI/Tier IV compliant. The OPENonline interface and delivery systems are kept secure in an offsite, Tier 4 facility. This state-of-the-art facility provides maximum security, climate control and fully redundant electrical and mechanical support systems. In the event of a service power failure, the systems include UPS capabilities and backup generators that have enough fuel to run the facility on its own power for days. Access to the facility is restricted to approved personnel who have passed a full background and fingerprint screening. A radio frequency identification (RFID) security badge is required to enter the secure facility.
Off-site backup storage is transported to and from the level 4 secure data center in a fireproof, water tight and locked container by the authorized personnel. Off-site encrypted copies are stored at the OPENonline office in a fireproof safe in a locked server room behind 3 levels of user access security. Access to the off-site backup storage is limited to authorized personnel and by key-card, key and combination lock access at the OPENonline office.
All confidential material is destroyed by shredding through the document destruction service contracted by OPENonline. Materials are placed in locked containers throughout the office until shredding. The containers are emptied on a regular schedule by the document destruction company. The document destruction employees are escorted by an office representative while inside our suites and while they destroy the contents of the bins.
In recent years, many companies have become concerned over the “heartbleed” bug, a security vulnerability in SSL/HTTPS on certain types of web servers. This flaw can be used to reveal contents of a secure (SSL based) transaction between browsers and service providers. OPENonline does not utilize any software or software versions that have been identified to have vulnerabilities and is therefore not vulnerable to the “heartbleed” bug.
How often does OPENonline conduct security and vulnerability audits?
OPENonline conducts security and vulnerability audits annually. The results of our 2014 security and vulnerability audit affirmed that OPENonline’s internal incident response procedures and superior technical controls are guaranteed to prevent any type of security breach.