World Class Security
Data is crucial to enhancing the usefulness of the products and services we use. We prioritize adhering to top-notch security protocols and adopting responsible approaches to handling data.
Our Security Principles
In addition to our array of certifications and affirmations, our unwavering commitment to upholding the highest security standards is evident through our strict adherence to the guidelines established by esteemed organizations such as the National Institute of Standards and Technology (NIST), Center for Internet Security (CIS), and International Organization for Standardization (ISO).
Within this Security Center, you will find an extensive repository of information on the fundamental security principles, data privacy policies, and compliance practices that form the bedrock of our approach to developing data products. This commitment begins at the design phase, ensuring that our products are fortified with robust security measures every step of the way. By aligning ourselves with these industry-leading standards, we strive to inspire trust and confidence in the security and integrity of our data products.
We prioritize information security with encryption for data at rest and in transit. Our data union adheres to FIPS 140-2 encryption standards and maintains 24/7 monitoring for vulnerabilities and malware. We enforce time-based access controls to limit internal access to critical tools and resources.
We take measures to protect data from improper modification, ensuring that information remains unaltered and has not been deleted or tampered with in an unauthorized and undetectable manner.
Our data is designed for high availability, distributed across multiple availability zones, and backed up in different regions. We utilize auto scaling techniques to optimize performance and ensure maximum availability for our customers.
Certifications and attestations
We maintain a comprehensive suite of certifications and attestations to further demonstrate our commitment to security and privacy.
SOC 2 Type 2
We are compliant with SOC 2 Type 2 as defined by the American Institute of Certified Public Accountants (AICPA).
We have enhanced our products, processes, and procedures to ensure HIPAA compliance.
Owl employs various measures to safeguard the security of our data and prevent unauthorized access. To ensure the protection of our platform, we adhere to a comprehensive continuous monitoring program. This program encompasses the development of proactive and detective capabilities, allowing us to promptly identify and respond to any potential security threats. In addition, we have implemented an Incident Response Policy that assesses the severity of security incidents and outlines a well-defined plan to mitigate any issues that may arise. Rest assured, even in the unlikely event of a breach, we have robust measures in place to maintain the security of our data.
Monitoring Data Systems
Security and monitoring of our customer data and infrastructure are of paramount importance at Owl. We rely on AWS and Elastic Cloud data centers to host our customer data and production systems. AWS, known for adhering to industry best practices, maintains stringent standards for monitoring access to Owl's data. For detailed insights into the physical security measures implemented by AWS, we encourage you to refer to their comprehensive physical security white paper. Rest assured, we prioritize the safeguarding of your data and leverage trusted platforms to ensure its protection.
Incident Event Management
As outlined in Owl's internal Business Continuity and Disaster Recovery Plan, regular penetration tests are conducted on external networks on a quarterly basis. AWS offers a dynamic cloud environment capable of deploying applications, monitoring for failures, and recovering any failed platform components. Backup files are securely stored with redundancy across multiple availability zones and are encrypted for added protection. In the event of significant incidents, Owl is committed to notifying affected individuals within 24 hours of a determination being made.
Owl's data is distributed across two AWS availability zones, specifically the Oregon and Northern California locations. This strategic distribution enhances the stability of our infrastructure by incorporating redundant servers. Our platform is equipped with sophisticated mechanisms that can promptly detect any non-operating or degraded state. In such cases, it automatically scales within the alternate zone to ensure uninterrupted availability and responsiveness of our services.