OwnBackup takes privacy and security very seriously. Our platform was built from the ground up with security in mind, utilizing leading information security best practices.
July 28th, 2023
The OwnBackup security team has evaluated the MOVEit Transfer services and related vulnerabilities CVE-2023-34362, CVE-2023-35708, CVE-2023-36934, CVE-2023-36932, and CVE-2023-36933. OwnBackup does not use the MOVEit Transfer solution within its enterprise or segregated product environments.
Investigations with critical sub-processors have been initiated and there are no impacted sub-processors.
We continue to monitor the situation and will provide an update if and when appropriate.
OwnBackup implements best practices and industry standards to achieve compliance with numerous leading information security certifications and authorizations. View our technical and regulatory certifications below.
OwnBackup receives an annual SSAE 18 SOC 2 Type II attestation report to provide assurance to our customers and partners that OwnBackup uses secure systems and processes to protect their data.
OwnBackup's latest SOC 2 Type II report is available upon request under NDA.
OwnBackup receives an SSAE 21 SOC 1 Type II attestation report to provide assurance to our customers and partners that OwnBackup implements effective internal controls over financial reporting.
OwnBackup's latest SOC 1 Type II report is available upon request under NDA.
OwnBackup is Cyber Essentials certified to comply with UK government requirements for implementing the Cyber Essentials Schema of security controls to support our UK government clients that handle personal information.
OwnBackup's Cyber Essentials certification can be downloaded here.
If you are capturing and storing personal information of European citizens, your company may be held liable under the GDPR, an EU data protection and privacy regulation. OwnBackup products are designed to support our customers' compliance obligations with data privacy regulations, including GDPR requirements.
More information on OwnBackup’s GDPR compliance capabilities can be found here.
The HDS certification requires cloud service providers that host personal data governed by French laws to implement strong security measures to protect health data.
OwnBackup’s HDS certification demonstrates our commitment to securing and protecting the confidentiality of personal health data.
Additional information on OwnBackup’s HDS program can be found here.
OwnBackup is ISO 27001:2013 and ISO 27701:2019 certified, demonstrating OwnBackup has implemented best-practice information security and privacy processes to securely provide services to our customers.
To support the compliance programs for our Healthcare clients, OwnBackup extended the SOC 2 Type 2 audit scope to include applicable HIPAA/HITECH controls to demonstrate adequate safeguards are in place to protect healthcare data. OwnBackup’s latest HIPAA/HITECH report is available upon request under NDA.
OwnBackup’s QMS ensures our products are designed, developed, and maintained using industry-leading infrastructure, processes, and tools to deliver the highest levels of quality and ensure security of the product environment storing our customers’ data.
OwnBackup mapped our QMS against applicable 21 CFR Part 11 (“GxP”) and EudraLex Volume 4, Annex 11 (“GmP”) controls to externally validated controls within our ISO 27001 certification and SOC 2 Type II report to support the compliance program of our Life Sciences clients.
Additional information for OwnBackup’s support for GxP and GmP compliance can be found here.
OwnBackup security personnel are part of the ISACA network, one of the world’s largest global organizations for information security professionals, and frequently participate in knowledge sharing to provide insight into emerging security threats and help advance the security field.
OwnBackup is a member of the NJCCIC and receives cyber alerts and advisories, cyber tips and best practices for managing cyber risk. The NJCCIC provides members with cyber information sharing, cyber threat analysis, and incident reporting services to promote statewide awareness of cyber threats and adoption of best practices.
OwnBackup security personnel hold numerous ISC2 security certifications, including the Certified Information Systems Security Professional (CISSP), and are active members in the ISC2 community. ISC2 is a leading organization specializing in training and certifications for cybersecurity professionals.
OwnBackup is committed to protecting our clients when it comes to privacy and security. Our world-class secure data operations platform was built from the ground up utilizing leading information security best practices.
For details on our security controls, download our security controls document.