Welcome to Ours Privacy's Trust Center
At Ours Privacy, we understand the importance of security, privacy, compliance and transparency. That's why we take a comprehensive approach to Trust.
Whether you are a customer, prospective customer or partner, this self-serve tool enables you to complete your audits and security questionnaires. We are dedicated to consistently enhancing our Trust Center and will regularly update and review it.
Compliance overview
Current compliance status across frameworks
Compliance Program
An overview of security controls in place
Access Control and Authorization
Access granting process used
Access management policy established
Account inventory maintained
Dormant accounts disabled
Employee access regularly reviewed
MFA required for critical services
Password management policy enforced
Password management policy established
Data Management and Protection
Data encrypted at rest
Data encrypted in-transit
Data inventory maintained
Data management and retention policy established
Disaster Recovery
Automated backups enabled
Business continuity and disaster recovery policy established
Data recovery process established
Disaster recovery plans tested
Recovery data isolated
Email Security
DMARC policy and verification used
Email account access restricted
Email settings block malicious content
Endpoint Security
Anti-malware deployed on end-user devices
Data encrypted on end-user devices
Firewall maintained on end-user devices
Mobile device management (MDM) used
Infrastructure Security
Active discovery tools used
Automated security scanning performed on infrastructure
Buckets not exposed publicly
Configuration management system established
Firewall restricts public access to infrastructure
Infrastructure changes logged
Infrastructure changes require review
Infrastructure deployed using an infrastructure-as-code tool
Production deployment access restricted
Unauthorized assets addressed and removed
Unique production database authentication enforced
Web Application Firewall (WAF) used
Monitoring and Incident Response
Audit log management process maintained
Audit logs collected
Incident response policy established
Infrastructure performance monitored
Log management used
Network infrastructure monitored
Organizational Security
Acceptable use policy established
Asset inventory maintained
Asset management policy established
Code of conduct established
Company commitments externally communicated
Confidentiality Agreement acknowledged by employees
Data-flow diagrams maintained
Employee background checks performed
External support resources available (i.e., documentation)
Offboarding process established
Onboarding process established
Performance evaluations conducted
Physical access restricted
Policies signed by relevant personnel
Reference checks performed for employees
Roles and responsibilities specified
Security awareness training conducted
Service description communicated
Software development lifecycle established
System changes externally communicated
System changes internally communicated
Risk Management
Risk assessments performed
Risk management policy established
Vendor inventory maintained
Vendor management program established
Vulnerability Management
Automated software patch management performed
Penetration testing findings remediated
Penetration testing performed
Vulnerabilities remediated
Vulnerabilities scanned
Vulnerability management policy acknowledged by employees
Vulnerability management policy established