February 2024

Security & Privacy

OfficeSpace Software Security & Privacy Overview

OfficeSpace Software is the world’s leading workplace management platform. OfficeSpace has everything you need to adapt to hybrid work and create a better place for everyone—wherever work happens.

Detailed information about OfficeSpace’s security and compliance can be found in our Public Trust Profile and Catalogue.

Acceptance of a Non-Disclosure Agreement (NDA) is required to gain access to the following documentation in the trust center:

  • SOC2 Report
  • SIG Core
  • SIG Lite
  • VSA Core
  • CAIQ
  • Diagrams of our application, infrastructure, and services
  • Redacted copy of our Penetration Test Report
  • Copies of OfficeSpace’s Policies and Procedures

 

Security and Privacy Training

Every OfficeSpace employee goes through security training during their first week at OfficeSpace Software. This training educates employees about OfficeSpace Software’s security practices, covers all procedural policies that we follow, and ensures employees are held to the highest standard of professional privacy and security. We also review our internal processes so that every member of OfficeSpace Software feels confident in reporting vulnerabilities or bugs to the appropriate team or individual to address the concern as quickly as possible.

Beyond the first training, every employee is required to complete additional security training classes several times a year to strengthen security practices and ensure understanding and compliance all year round.

 

Employee Access Levels

OfficeSpace Software employees are granted access to varying internal information systems depending upon their role within the company and the training they’ve completed. Once granted, we use unique access identifiers in order to review who does what for maximum accountability. This allows for a level of control over OfficeSpace Software’s most advanced and impactful functions and reduces the chance of internal error.

Before accessing these systems, all employees must sign a confidentiality agreement, acknowledge their understanding of OfficeSpace Software’s security practices, and demonstrate compliance with the policies we’ve set in place. All access is removed immediately upon termination of employment at OfficeSpace Software.

 

Security and Compliance Assessments

OfficeSpace Software uses a variety of internal tests to assess security during every stage of development and throughout the organization. We also adhere to the security expectations set forth by a number of organizations to meet and exceed industry standards. OfficeSpace maintains a SOC2 compliance audit report.


 

Data Requests

OfficeSpace establishes Data Processing Agreements (DPA) with our Data Controllers and Sub-processors to ensure that the rights of Data Subjects are protected and promptly acted upon if exercised.

 

Legal Compliance

OfficeSpace Software works with internal and external legal professionals to review all security and privacy standards set forth by our organization. These professionals collaborate with the OfficeSpace Software Security Team to ensure all policies comply with legal and regulatory requirements while upholding OfficeSpace Software’s mission and values.

 

Penetration Testing

Our security and development teams partner with third-party security providers to conduct regular penetration and vulnerability testing on our applications and services to identify potential security or privacy concerns. Any reported incidents are then prioritized and patched by the relevant security team, engineers, and/or management. Any concerns reported by customers are evaluated and prioritized by the same standards to quickly resolve all incidents.

 

Monitoring

We proactively monitor the OfficeSpace Software network, servers, and applications for malware infections, security breaches, and potential vulnerabilities. This monitoring includes (but is not limited to):

  • Nightly scans of OfficeSpace Software’s network to identify known vulnerabilities or spot potential ones.
  • Identifying vulnerabilities and/or security breaches and communicating them to OfficeSpace Software’s leadership and the relevant security teams.
  • Individual monitoring of each website operating on OfficeSpace Software’s network.
  • Endpoint Virus and Malware protection with real-time scanning and scheduled updating.

 

Review and Evaluation

Once a vulnerability has been identified, members of the security team will review the incident within hours of the notice. We will then categorize the threat and impact of the vulnerability to prioritize the patch. Levels of security assessment include:

Emergency: An immediate threat to OfficeSpace Software’s application, infrastructure, or sites hosted within.

Critical: A security vulnerability that could have a high impact but has not yet had one.

Not Critical: A standard security release update that’s necessary, but not urgent.

Not Applicable: A security vulnerability that’s helpful to be aware of, but not relevant to OfficeSpace Software’s environment and systems.

Regardless of the assigned classification, all security patch releases will follow a defined process for deployment that includes assessing the risk, testing the patch, scheduling the update, installing the repair, and verifying the solution.

 

Risk and Assessment Testing

We will assess the effect of a patch on the OfficeSpace Software infrastructure prior to its deployment. The OfficeSpace Software technology teams will also assess the patch for its impact on each component of the OfficeSpace Software infrastructure, including servers, sites, software, and more.

If we categorize a vulnerability as an Emergency, the team overseeing the patch will consider it an imminent threat to our network. In these scenarios, we may deploy this patch within a 24-hour window of successfully deploying it to a test environment.

Vulnerabilities deemed Critical or Not Critical will undergo testing for each affected component of our infrastructure before implementing the patch. For Critical updates, we may expedite the testing process to address time-sensitive critical concerns.

 

Audit, Assessment, and Verification

Following the release of all patches to OfficeSpace Software’s platform, members of the security team overseeing the update will verify the successful installation of the patch and will collaborate with the respective technology teams to confirm there have been no adverse effects on varying systems.

 

Protecting Data

OfficeSpace Software is centered around building exceptional products and providing peace of mind to our customers (and their employees). Therefore, we follow a number of practices to prevent unauthorized access to systems and data, identify risks, execute industry-leading best practices, and evaluate ways to continue improving our platform. The protections include (but are not limited to) data segregation, data encryption, access control, and auditing.

 

Authentication

OfficeSpace Software employees are required to use a password manager to create, manage, and share complex credentials for the software and tools we use on a daily basis. Passphrases are required to be cryptographically strong in order to reduce the risk of an employee’s account being compromised and unauthorized contacts gaining access to our systems.

We also use two-factor authentication when appropriate to access systems with access to production data, such as the OfficeSpace Software admin applications and administrative consoles. Temporary SSH keys, device-specific tokens, and rotating keys are all ways in which we ensure authorized users are the only ones accessing data related to OfficeSpace Software.

 

Classifying and Inventorying Data

All data is assessed and categorized based on the sensitivity of the information and the access to it that different OfficeSpace Software employees may need. This allows us to control access and guarantee that only employees with the necessary permissions are able to access certain levels of user data.

 

Company Infrastructure Protection

OfficeSpace Software’s applications and services run with a variety of monitoring tools that may detect suspicious code, configurations, and user behavior. Our IT specialists are responsible for installing, monitoring, and escalating any incidents that may occur to the OfficeSpace Software Security Team. Together, they’ll determine the best course of action to quickly remedy the situation.

OfficeSpace Software Infrastructure is hosted with a globally recognized cloud services provider. They are SSAE 16/18 compliant, as well as ISO 27001, and more. We contract with these providers to ensure that their physical and environmental controls meet and exceed the requirements of Security, High Availability, and Resiliency that our users have come to expect from our products and services.

  

Data and Media Disposal

Depending on the classification of information, we may store customer information for varying lengths of time. We keep data depending on regulatory storage requirements and/or our Data Retention schedule. At the end of the retention period, customers may request to have their data returned to them, or deidentified.

 

Data Encryption at Rest and in Transit

We use encryption to transmit data over public networks. This includes all data shared between OfficeSpace Software systems, clients, and employees. Systems are built on encrypted volumes for at-rest encryption. We support the latest techniques to securely encrypt communication and constantly monitor best practices to best serve our customers.

 

Network Security

We use Single Sign On (SSO) as much as technically possible for system connections and authentication. We also enforce MFA for each session. This ensures all data is accessed securely whether we’re working from our Atlanta headquarters or a remote location in Canada. Additionally, all our systems have Host Intrusion Detection, Virus and Malware protection, local firewalls, and local disk encryption, as well as network-level firewalls and Access Control Lists.

 

Third Party Suppliers

 OfficeSpace Software works with a number of third-party suppliers to create our exceptional hosting platform, systems, and processes. When choosing another company to partner with, we assess the impact upon OfficeSpace Software’s production environment and take the appropriate steps to ensure our own security standards are maintained at every level. We are constantly evaluating our third-party suppliers to ensure we’re providing the most secure solution for our customers.

 

 

Still have questions?

OfficeSpace Software thinks a lot about security so you can think about it less. We’re constantly evaluating our processes, building new partnerships, and updating our systems to execute industry-leading security solutions.

If you would like to request more information about OfficeSpace Software’s security, feel free to reach out to your Customer Success Manager or email one of our experts. They’d be happy to provide additional details or reports so you can feel confident in our security systems and policies.