OrgChart is committed to keeping your employee and company data private, safe, and secure with our robust information security program.
At OrgChart, we take a proactive approach to information security to keep your data secure and accessible only by authorized people. Security for your data is a top priority at our company, and we have a team dedicated to securing our systems, processes, and controls. We also maintain rigorous testing protocols and industry-leading security certifications.
Our comprehensive, multi‑faceted strategy mitigates both human and software threat vectors to protect your valuable HR data.
OrgChart is powered by Amazon Web Services (AWS), the industry’s leading provider of secure computing infrastructure. For government customers, we use AWS GovCloud (US).
We use AWS for all hosting and network infrastructure. AWS best practices ensure our production infrastructure is secured using the latest technologies and techniques.
We use AWS because of its stringent security measures, which include:
You can securely access our products at any time and from any device or location. OrgChart offers a 99.8 percent uptime guarantee to our customers by using the redundant, resilient architecture of AWS to eliminate single points of failure and mitigate risks.
OrgChart maintains up-to-date security documentation and certifications. We base our security documentation on the CSA (Cloud Security Alliance) CAIQ framework.
Our certifications include: SOC 2 Type 2, ISO 27001, and ISO 27018.
Our solution complies with privacy regulations in the regions where we operate. This includes GDPR in the EU and state-level laws, such as the California Consumer Privacy Act (CCPA), in the U.S. OrgChart is also a participant in the U.S. Data Privacy Framework.
OrgChart maintains a comprehensive Information Security Management System (ISMS) and has self-certified against additional standards including HECVAT, Cloud Security Alliance STAR, and SIG Lite.
You own your data and retain all rights to it. We respect your privacy and will never make your data publicly available without permission. See our privacy policy for more information.
All data transferred between user devices and our servers requires an encrypted connection to ensure the privacy of your information. We also employ encryption (AES-256) to protect the secrecy of all data at rest.
OrgChart is committed to CCPA and GDPR compliance and uses an approved framework (e.g., Standard Contractual Clauses or a successor to Privacy Shield) to transfer customers’ data from the EEA, U.K., or Switzerland to the U.S. In addition, all of our sub‑processors utilize the SCCs or Binding Corporate Rules to transfer personal data from the EEA, U.K., or Switzerland to the U.S. We are EU-US Privacy Shield certified.
For our government customers, we offer AWS GovCloud hosting. AWS GovCloud provides FedRAMP Moderate baseline security to protect your data.
Contact us for more information on GovCloud hosting.