Own Company takes privacy and security very seriously. Our platform was built from the ground up with security in mind utilizing leading information security best practices.
The Own security team is aware of the recent breach of Okta’s management system. Own has evaluated its use of Okta and is not affected by this breach. We continue to monitor the situation and will provide an update if and when appropriate.
Own operations are geographically redundant and designed for resiliency. We have not experienced and do not currently anticipate any significant disruption to our operations as a result of the hostilities in Israel. You may find up-to-date information on any service disruptions at https://status.owndata.com/
July 28th, 2023
The Own security team has evaluated the MOVEit Transfer services and related vulnerabilities CVE-2023-34362, CVE-2023-35708, CVE-2023-36934, CVE-2023-36932, and CVE-2023-36933. Own does not use the MOVEit Transfer solution within its enterprise or segregated product environments.
Investigations with critical sub-processors have been initiated and there are no impacted sub-processors.
We continue to monitor the situation and will provide an update if and when appropriate.
Own implements best practices and industry standards to achieve compliance with numerous leading information security certifications and authorizations. View our technical and regulatory certifications below.
Own receives an annual SSAE 18 SOC 2 Type II attestation report to provide assurance to our customers and partners that Own uses secure systems and processes to protect their data.
Own's latest SOC 2 Type II report is available upon request under NDA.
Own receives an SSAE 21 SOC 1 Type II attestation report to provide assurance to our customers and partners that Own implements effective internal controls over financial reporting.
Own's latest SOC 1 Type II report is available upon request under NDA.
Own is Cyber Essentials certified to comply with UK government requirements for implementing the Cyber Essentials Scheme of security controls to support our UK government clients that handle personal information.
Own's Cyber Essentials certification can be downloaded here.
If you are capturing and storing personal information of European citizens, your company may be held liable under the GDPR, an EU data protection and privacy regulation. Own products are designed to support our customers' compliance obligations with data privacy regulations, including GDPR requirements.
More information on Own’s GDPR compliance capabilities can be found here.
The HDS certification requires cloud service providers that host personal data governed by French laws to implement strong security measures to protect health data.
Own's HDS certification demonstrates our commitment to securing and protecting the confidentiality of personal health data.
Additional information on Own’s HDS program can be found here.
Own is ISO 27001:2013 and ISO 27701:2019 certified, demonstrating Own has implemented best-practice information security and privacy processes to securely provide services to our customers.
To support the compliance programs for our healthcare clients, Own extended the SOC 2 Type II audit scope to include applicable HIPAA/HITECH controls to demonstrate adequate safeguards are in place to protect healthcare data. Own’s latest HIPAA/HITECH report is available upon request under NDA.
Own’s QMS ensures our products are designed, developed, and maintained using industry-leading infrastructure, processes, and tools to deliver the highest levels of quality and ensure security of the product environment storing our customers’ data.
Own mapped our QMS against applicable 21 CFR Part 11 (“GxP”) and EudraLex Volume 4, Annex 11 (“GmP”) controls to externally validated controls within our ISO 27001 certification and SOC 2 Type II report to support the compliance program of our Life Sciences clients.
Additional information for Own’s support for GxP and GmP compliance can be found here.
Own security personnel are part of the ISACA network, one of the world’s largest global organizations for information security professionals, and frequently participate in knowledge sharing to provide insight into emerging security threats and help advance the security field.
Own security personnel hold numerous ISC2 security certifications, including the Certified Information Systems Security Professional (CISSP), and are active members in the ISC2 community. ISC2 is a leading organization specializing in training and certifications for cybersecurity professionals.
Own is a member of the NJCCIC and receives cyber alerts and advisories, cyber tips and best practices for managing cyber risk. The NJCCIC provides members with cyber information sharing, cyber threat analysis, and incident reporting services to promote statewide awareness of cyber threats and adoption of best practices.
Own is committed to protecting our clients when it comes to privacy and security. Our world-class secure data operations platform was built from the ground up utilizing leading information security best practices.
For details on our security controls, download our security controls document.