Introduction

OrgChart Now is a SaaS (Software as a Service) product that allows customers to create organizational charts and workforce plans. Our stated goal is to provide our customers with a secure and reliable solution. In order to do so, we have established a risk management policy to mitigate risks associated with both security and reliability.

See Risk Assessment Policy and Procedure for additional details.

The Management Review team is responsible for ongoing review of the following key risk areas:

Application Security

A Software Development Methodology has been created to ensure that our software development produces secure applications.

Business Continuity and Disaster Recovery

A Business Continuity and Disaster Recovery Plan has been developed to make our service more resilient.

Change Control

A change management policy has been developed to ensure that changes to our system do not impact service availability.

Data Center Security

All hosting is outsourced to certified hosting partners. See the Information Security Overview document for additional details.

Human Resources

All employees and contractors are required to attend Information Security Training on an annual basis.

Access Control

Our IT department has developed procedures to review permissions so that employees and contractors have appropriate access to all systems (including those that manage customer data). See Access Control for additional details.

Incident Management

In the event that an incident occurs, we have to respond in a timely manner to mitigate the issue. We also need to perform an analysis to remediate any underlying issue to prevent recurrence. See Incident Management Policy for details.

System Acquisition

All information systems must be evaluated to ensure they do not impact information security requirements. See System Acquisition for more details.

Cybersecurity and Cybersecurity Insurance

A Cybersecurity Policy has been deployed to mitigate risks associated with cybersecurity. We also carry cybersecurity insurance to reduce liability in the event that any customer data is compromised.

Compliance

A Compliance Policy has been deployed to ensure adherence to all pertinent federal, state and local laws, regulations and policies.

Audit

Both internal and external audits are performed to ensure that policies and procedures are enforced.