One Model Security Policy

    Our Commitment to Data Security and Information Privacy

    In an era where data security and privacy are paramount, our company reaffirms its unwavering commitment to safeguarding the information entrusted to us. As a leading provider of tools to data practitioners, we recognize the critical importance of robust data security measures and the ethical management of personal information.

    Compliance with International Data Security Regulations:

    Our approach to data security is comprehensive, adhering to key regulations across major jurisdictions:

    • United States: Fair Credit Reporting Act (FCRA), Family Educational Rights and Privacy Act (FERPA), Children's Online Privacy Protection Act (COPPA), and state-specific laws such as the California Consumer Privacy Act (CCPA), the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act, Massachusetts 201 CMR 17.00, and applicable state data breach notification laws. We also align our program with the NIST Cybersecurity Framework.
    • European Union: We comply with the General Data Protection Regulation (GDPR), ensuring rigorous data protection for all individuals within the European Union. This includes stringent consent protocols, data subject rights, and secure data processing standards.
    • Australia: We adhere to the Australian Privacy Principles (APPs) under the Privacy Act 1988, which governs how we handle, use, and manage personal information, ensuring transparency and accountability in our operations.

    Our Data Security Best Practices:

    To maintain the highest levels of data security, we implement a range of best practices:

    • Encryption and Data Masking: We encrypt data at rest and in transit, and apply data masking where sensitive fields do not need to be exposed, so that unauthorized parties cannot read sensitive information.
    • Regular Security Audits: Our systems undergo regular security audits and vulnerability assessments to identify and mitigate potential risks proactively.
    • Employee Training: All staff members receive ongoing training on data security protocols and privacy regulations to ensure they are well-equipped to handle data responsibly.
    • Incident Response Plan: We have a robust incident response plan to swiftly address and rectify any data breaches or security incidents, minimizing potential impacts.
    • Vendor Risk Management: We rigorously assess third-party vendors to ensure they meet our stringent data security standards.

    Our Commitment to Our Customers:

    As a provider to data practitioners, we not only adhere to these standards but also champion them in our products and services. Our commitment to data security and privacy is not just a regulatory obligation; it is a fundamental aspect of our corporate ethos. We understand the immense responsibility that comes with handling and analyzing data, and we are dedicated to upholding the highest standards of data security and privacy for our customers. We will continue to lead the industry in responsible and secure data management.

    ISO/IEC 27001 Certified

    Our ISO/IEC 27001 certification reflects our commitment to protecting your information with the highest standards in information security management. Here’s what this means for you:

    1. Data Security You Can Trust
      Rest assured, One Model has robust processes in place to protect against data breaches and cyber threats.
    2. Global Credibility & Compliance
      Our certification is issued against an internationally recognized standard for information security management systems, giving you confidence that our controls are independently assessed and support the regulatory and industry requirements you are subject to.
    3. Risk Reduction & Cost Savings
      By systematically managing information security, we help you avoid the high costs and risks of potential security incidents.
    4. Operational Efficiency
      Our streamlined security practices improve efficiency, allowing us to serve you more effectively.
    5. Dedicated to Continuous Improvement
      We regularly enhance our security measures, adapting to evolving threats and ensuring your data’s safety remains a top priority.

    SOC 2 Type II Attested

    Our SOC 2 Type II report, issued by an independent auditor under AICPA attestation standards, is your assurance that we meet rigorous standards for data protection, privacy, and operational security. Here’s how it benefits you:

    1. Proven Data Security and Privacy
      An independent SOC 2 Type II examination confirms that we have effective controls in place to keep your data safe, private, and accessible only to authorized users.

    2. Reliable, Ongoing Protection
      A SOC 2 Type II report examines whether controls operated effectively over an audit period (typically six to twelve months), not just at a single point in time as a Type I report does. This means One Model maintains its security standards continuously throughout the year.

    3. Compliance with Industry Standards
      Our SOC 2 Type II report means that One Model's controls have been examined against the AICPA Trust Services Criteria, helping you meet your own security and compliance requirements with ease.

    4. Minimized Risk and Increased Confidence
      With our SOC 2 Type II report, you can feel confident that One Model takes data integrity and availability seriously, minimizing the risks associated with third-party data handling.

    5. Seamless Partner in Security
      SOC 2 Type II demonstrates our dedication to security, reliability, and operational excellence, providing you with a trusted partner who prioritizes your data as much as you do.


    Availability and Continuity

    • Hosted on Amazon Web Services, currently operating out of the US, Ireland and Sydney regions, with the option to add other regions based on customer demand.
    • Physical data center security provided by AWS
    • Data backed up daily
    • External Penetration Testing


    PII and GDPR

    • Data Protection Officer - Phil Schrader (privacy@onemodel.co)
    • Adheres to Data Processor Requirements of GDPR
    • All One Model employees participate in annual Information Security Training
    • One Model will never process data in a fashion not requested or configured by the Customer

    One Model Is Built with Privacy by Design

    • Only the data provided/permitted by the customer is transferred to One Model
    • Application-level role-based access control restricts which users can see which data, and is managed by the customer
    • One Model staff have access to customer data only where required to support that customer
    • All data is encrypted in transit and at rest

    Consent

    • One Model does not collect data directly from the employee; it consumes/processes data from HR systems.
    • Consent is handled by the Customer
    • One Model will never process data in a fashion not requested or configured by the Customer

    Right to Access

    • Multiple options exist for providing access
    • Give the employee a One Model user account whose role is scoped to their own records only
    • Dashboards or reports that present an individual's information can be created and distributed to the employee on request

    Data Portability

    • Not directly applicable to the One Model application, since the source HR system remains the system of record; however, we can facilitate the export or transfer of an employee's data using the options described under Right to Access.

    Right to be Forgotten

    • Primarily handled through the source system. One Model is synchronized with the source, so removing a person from the source system removes them from One Model on the next synchronization.
    • If a data source is a static snapshot that is no longer synchronized, the person can be removed from the data models so they are no longer processed, or deleted from the data store with a SQL query. One Model will facilitate this process where the customer does not have the resources to complete it.

    Please report any complaints or unethical behavior to privacy@onemodel.co
