OpenWater participates in a variety of internationally recognized security and privacy compliance programs.  This article summarizes the main programs we participate in along with how your auditors / compliance teams can gain access to OpenWater records.

PCI Compliance

All OpenWater customers that accept payments must complete PCI compliance.  OpenWater does most of the heavy lifting for your organization.  All of the payment gateways we support use tokenization for credit card payments.

We retain an independent security firm to perform monthly scans and penetration tests on our platform.

Your organization may require an Attestation of Compliance (AOC) and Proof of Scan results for your own compliance needs.

You can request these via your OpenWater support representative or sales representative.  Typical turnaround is 1 business day.

SOC2

The SOC2 is an internationally recognized audited report about an organization's security, privacy, and risk posture.  OpenWater undergoes an annual audit that covers basics ranging from what kind of information security training staff receive to the kinds of background checks it uses on its staff.  The audit goes on to assess OpenWater's use of Microsoft Azure and Amazon Web Services data centers to ensure a level of security compliance.

This review is performed by a third-party information security auditing firm and covers over 200 security controls and processes specific to OpenWater.  In addition to the controls of OpenWater as an organization, we also rely on data centers from Microsoft and Amazon, which provide physical controls such as backup power and 24/7 access-controlled facilities.

If your organization requires a security review of OpenWater, our SOC2 often covers all of the items your team is looking for.

You can request the SOC2 audit report via your OpenWater support representative or sales representative.  Typical turnaround is 1 business day.

Privacy Shield

Privacy Shield is a European Union-based agreement that ensures data flowing between the EU and US (and other countries) follows a list of privacy standards.

OpenWater participates in Privacy Shield. [See Privacy Shield Status]

Privacy Shield and GDPR are also related; learn more about OpenWater and GDPR.
