At Outset, our commitment to security is unparalleled — enabling our clients to enhance their security posture and compliance is rooted in our own practices.
Outset's Security and Privacy teams formulate policies and controls, monitor compliance, and verify our security and compliance to independent auditors.
Our policies are founded on key principles:
All datastores containing customer data, including any additional data repositories, are encrypted at rest. We also use row-level encryption for sensitive data collections.
Outset employs TLS 1.3 and higher for data transmission over potentially insecure networks.
We use robust key management systems to manage encryption keys securely. All application secrets are encrypted and securely stored, with access strictly regulated.
Outset incorporates vulnerability scanning at crucial points of our Secure Development Lifecycle (SDLC).
All enterprise devices are centrally managed, equipped with advanced endpoint protection software, and monitored for security alerts around the clock.
We employ a risk-based approach to assess vendor security, taking into account factors such as access to customer and corporate data, integration with production environments, and potential harm to the Outset brand.
Outset provides robust security training to all employees and regularly shares threat briefings with team members.
Outset uses advanced IAM solutions to secure our identity and access management. Employees are granted access to applications based on their role and immediately deprovisioned upon termination.
At Outset, data privacy is of utmost importance — we are dedicated to safeguarding all sensitive data with utmost care.
Outset continuously evaluates updates to regulatory frameworks to adapt our program accordingly.