OfficeSpace Software is the world’s leading workplace management platform. OfficeSpace has everything you need to adapt to hybrid work and create a better place for everyone—wherever work happens.
Whether you’re a summer intern or a new director of security, every single employee goes through security training during their first week at OfficeSpace Software. This training educates employees about OfficeSpace Software’s security practices, covers all procedural policies that we follow, and ensures employees are held to the highest standard of professional privacy and security. We also review our internal processes so that every member of OfficeSpace Software feels confident in reporting vulnerabilities or bugs to the appropriate team or individual to address the concern as quickly as possible.
Beyond the first training, every employee is required to complete monthly security training classes to strengthen security practices and ensure understanding and compliance all year round.
OfficeSpace Software employees are granted access to varying internal information systems depending upon their role within the company and the training they’ve completed. Once granted, we use unique access identifiers in order to review who does what for maximum accountability. This allows for a level of control over OfficeSpace Software’s most advanced and impactful functions and reduces the chance of internal error.
Before accessing these systems, all employees must sign a confidentiality agreement, acknowledge their understanding of OfficeSpace Software’s security practices, and demonstrate compliance with the policies we’ve set in place. All access is removed immediately upon termination of employment at OfficeSpace Software.
Our Security officer leads the information security office of OfficeSpace Software. He collaborates with other team leads to ensure that security is taken into consideration in all our designs and practices.
The OfficeSpace Software Security Team’s efforts are focused on maintaining top-to-bottom security standards throughout the company. Some of their responsibilities include (but are not limited to):
The Software Engineering Team is dedicated to maintaining development standards for every line of code we push to production. They’re responsible for:
The Infrastructure Engineering and DevOps Teams are invested in ensuring the stability and security of applications and systems. They’re in charge of:
OfficeSpace Software upholds a number of internal policies, procedures, standards, and guidelines to ensure the highest level of security and privacy protection. These rules and trainings help employees maintain excellent standards in both our work and organization. These security and privacy policies include (but are not limited to):
These policies are maintained and updated by the OfficeSpace Software Security Team and are available for all employees.
OfficeSpace Software uses a variety of internal tests to assess security during every stage of development and throughout the organization. We also adhere to the security expectations set forth by a number of organizations to meet and exceed industry standards.
OfficeSpace establishes Data Processing Agreements (DPA) with our Data Controllers and Sub-processors to ensure that the rights of Data Subjects are protected and promptly acted upon if exercised.
OfficeSpace Software works with internal and external legal professionals to review all security and privacy standards set forth by our organization. These professionals collaborate with the OfficeSpace Software Security Team to ensure all policies comply with legal and regulatory requirements while upholding OfficeSpace Software’s’ mission and values.
Our security and development teams partner with third party security providers to conduct regular penetration and vulnerability testing on our applications and infrastructure to identify potential security or privacy concerns. Any reported incidents are then prioritized and patched by the relevant security team, engineers, and/or management. Any concerns reported by clients are evaluated and prioritized by the same standards to quickly resolve all incidents.
We proactively monitor the OfficeSpace Software network, servers, and applications for malware infections, security breaches, and potential vulnerabilities. This monitoring includes (but is not limited to):
Once we have identified a vulnerability, members of the appropriate security team will review the incident within hours of the notice. We will then categorize the threat and impact of the vulnerability to prioritize the patch. Levels of security assessment include:
Emergency: An immediate threat to OfficeSpace Software’s application, infrastructure, or sites hosted within.
Critical: A security vulnerability that could have high impact but has not yet.
Not Critical: A standard security release update that’s necessary, but not urgent.
Not Applicable: A security vulnerability that’s helpful to be aware of, but not relevant to OfficeSpace Software’s environment and systems.
Regardless of the assigned classification, all security patch releases will follow a defined process for deployment that includes assessing the risk, testing the patch, scheduling the update, installing the repair, and verifying the solution.
We will assess the effect of a patch to the OfficeSpace Software infrastructure prior to its deployment. The OfficeSpace Software technology teams will also assess the affected patch for impact to each component of the OfficeSpace Software infrastructure, including servers, sites, software, and more.
If we categorize a vulnerability as an Emergency, the team overseeing the patch will consider it an imminent threat to our network. In these scenarios, we may deploy this patch within a 24-hour windows of successfully deploying it to a test environment.
Vulnerabilities deemed Critical or Not Critical will undergo testing for each affected component of our infrastructure before implementing the patch. For Critical updates, we may expedite the testing process to address time-sensitive critical concerns.
Following the release of all patches to OfficeSpace Software’s platform, members of the security team overseeing the update will verify the successful installation of the patch and will collaborate with the respective technology teams to confirm there have been no adverse effects on varying systems.
OfficeSpace Software is centered around building exceptional products and providing peace of mind to our clients (and their employees). Therefore, we follow a number of practices to prevent unauthorized access to systems and data, identify risks, execute industry-leading best practices, and evaluate ways to continue improving our platform.
OfficeSpace Software employees are required to use a password manager to create, manage, and share complex credentials for the software and tools we use on a daily basis. Passphrases are required to be cryptographically strong in order to reduce the risk of an employee’s account being compromised and unauthorized contacts gaining access to our systems.
We also use two-factor authentication when appropriate to access systems with access to production data, such as the OfficeSpace Software admin applications and administrative consoles. Temporary SSH keys, device-specific tokens, and rotating keys are all ways in which we ensure authorized users are the only ones accessing data related to OfficeSpace Software.
All data is assessed and categorized based on the sensitivity of the information and the access to it that different OfficeSpace Software employees may need. This allows us to control access and guarantee that only employees with the necessary permissions are able to access certain levels of user data.
OfficeSpace Software’s hardware runs a variety of monitoring tools that may detect suspicious code, configurations, and user behavior. Our IT specialists are responsible for installing, monitoring, and escalating any incidents that may occur to the OfficeSpace Software Security Team. Together, they’ll determine the best course of action to quickly remedy the situation.
OfficeSpace Software Infrastructure is hosted in globally recognized cloud services provider. They are SSAE 16\18 compliant, as well as ISO 27001, and more. We contract with these providers to ensure that their physical and environmental controls meet and exceed the requirements of Security, High Availability, and Resiliency that our users have come to expect from our products and services.
Depending on the classification of information, we may store client information for varying lengths of time. We keep data depending on regulatory storage requirements and\or our Data Retention schedule. At the end of the retention period, clients may request to have their data returned to them, or deidentified.
We use encryption to transmit data over public networks. This includes all data shared between OfficeSpace Software systems, clients, and employees. Systems are built on encrypted volumes for at rest encryption. We support the latest techniques to securely encrypt communication and constantly monitor best practices to best serve our clients.
We use Single Sign On (SSO) as much as technically possible for system connections and authentication. We also enforce MFA for each session. This ensures all data is accessed securely whether we’re working from our Atlanta headquarters or a coffee shop in Canada. Additionally, all our systems have Host Intrusion Detection, Virus and Malware protection, as well as local firewalls and local disk encryption and network level firewalls and Access Control Lists.
OfficeSpace Software works with a number of third-party suppliers to create our exceptional hosting platform, systems, and processes. When choosing another company to partner with, we assess the impact upon OfficeSpace Software’s production environment and take the appropriate steps to ensure our own security standards are maintained at every level. We are constantly evaluating our third-party suppliers to ensure we’re providing the most secure solution for our clients.
Still have questions?
OfficeSpace Software thinks a lot about security so you can think about it less. We’re constantly evaluating our processes, building new partnerships, and updating our systems to execute industry-leading security solutions.
If you would like to request more information about OfficeSpace Software’s security, feel free to reach out to your Client Success Manager or email one of our experts. They’d be happy to provide additional details or reports so you can feel confident in our security systems and policies.