> ## Documentation Index
> Fetch the complete documentation index at: https://docs.omni.co/llms.txt
> Use this file to discover all available pages before exploring further.

<AgentInstructions>

## Submitting Feedback

If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:

POST https://docs.omni.co/feedback

```json
{
  "path": "/administration/security/information-security-program",
  "feedback": "Description of the issue"
}
```

Only submit feedback when you have something specific and actionable to report.

</AgentInstructions>

# Omni information security program

> Omni maintains written policies and procedures designed to ensure the security of our employees, partners, and customers.

export const CustomerCredentials = "The credentials provided to Omni to access Customer Data";

export const CustomerData = "The data contained in the customer data sources connected to Omni";

Omni's CTO is responsible for the Information Security Program, which is reviewed and updated periodically.

## Compliance audits

Compliance with the policies and procedures is audited at least annually through a SOC 2 Type II audit, which is available upon request.

## People policies

Employees and contractors with access to company data and resources are required to complete the following:

* Sign a confidentiality agreement
* Agree to comply with the policies of the information security program
* Pass a background check by a third party provider

## Data protection and access control

Omni classifies <Tooltip tip={CustomerData}>Customer Data</Tooltip> as our most sensitive asset, and protects it as follows:

* <Tooltip tip={CustomerData}>Customer Data</Tooltip> is not permitted to be copied to destinations outside of the production infrastructure, and is not used for testing, development, or any purpose other than providing the product.
* <Tooltip tip={CustomerData}>Customer Data</Tooltip> is only stored in Omni systems temporarily, and can be permanently deleted upon request
* Access to the production infrastructure and systems is granted on a least privilege basis, requires authentication with multiple factors, and logged.

  Production infrastructure is configured and deployed through automated processes, so direct human access is needed only in rare cases and is not granted to employees other than those responsible for maintaining the automated processes.
* Access to <Tooltip tip={CustomerData}>Customer Data</Tooltip> via the Omni application by Omni personnel for support can be controlled and revoked by the customer
* Use of third party subprocessors on customer data is minimized and, when necessary, subject to thorough review