Compliance audits
Compliance with the policies and procedures is audited at least annually through a SOC 2 Type II audit, which is available upon request.People policies
Employees and contractors with access to company data and resources are required to complete the following:- Sign a confidentiality agreement
- Agree to comply with the policies of the information security program
- Pass a background check by a third party provider
Data protection & access control
Omni classifies as our most sensitive asset, and protects it as follows:- is not permitted to be copied to destinations outside of the production infrastructure, and is not used for testing, development, or any purpose other than providing the product.
- is only stored in Omni systems temporarily, and can be permanently deleted upon request
- Access to the production infrastructure and systems is granted on a least privilege basis, requires authentication with multiple factors, and logged. Production infrastructure is configured and deployed through automated processes, so direct human access is needed only in rare cases and is not granted to employees other than those responsible for maintaining the automated processes.
- Access to via the Omni application by Omni personnel for support can be controlled and revoked by the customer
- Use of third party subprocessors on customer data is minimized and, when necessary, subject to thorough review