Introduction

OctoML takes the security of our platform and the privacy of our users and their data very seriously. We received SOC 2 Type I certification in late 2022 and are underway for SOC 2 Type II. Below is a partial list of the security measures we take to keep our platform and data secure.

Product Security

Authentication

OctoML uses third-party authentication from Okta. We do not store any passwords.

Permissions

OctoML supports permission levels within the application. Account owners can manage regular users inside an account.

Physical Security

OctoML production data is processed and stored within tier one cloud providers and commercial data centers. All physical access is audited, and access is limited through biometric access measures.

System Security

Servers and Networking

All OctoML servers and databases are protected by firewalls and secure system settings. All of our production servers run Linux.

Storage

All persistent data is encrypted at rest.

Operational Security

Policies

OctoML has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Employee Training

Each OctoML employee is trained on security best practices and awareness during onboarding and continues with ongoing training programs. We perform disaster recovery and data restoration tests on an annual basis.

Change Control

OctoML uses robust change control policies to balance control and speed when making changes to the system.

Backups and Recovery

OctoML takes regular backups of data and regularly tests restoring that data, so that it can be recovered in the event of a serious incident.

Pentests

We engage third-party security experts to perform detailed penetration tests on the OctoML platform.

Incident Reporting

Incident Response

OctoML has developed and uses policies and procedures for handling security events. These policies are regularly reviewed and updated.

Responsible Disclosure

OctoML has a responsible disclosure policy for security issues, published on our website: https://octoml.ai/legals/responsible-disclosure/
