Trust Center
Last modified 03.18.25
Overview
Establishing Trust
Your Trust is Our Priority
At Omny, we understand that trust is the foundation of every successful relationship. That’s why we are committed to upholding the highest standards of security, privacy, and transparency in everything we do.
We work tirelessly to protect your data, ensure the reliability of our services, and comply with global industry standards. Our goal is to provide you with the confidence and peace of mind that your information is in safe hands.
Through proactive security measures, adherence to privacy regulations, and open communication, we aim to not only meet but exceed your expectations. Whether you're a small business, enterprise, or individual, your trust fuels our mission to deliver secure and reliable solutions.
Read through this Trust Center to learn more about how we safeguard your data and uphold our commitment to integrity and accountability.
Compliance
Meeting Global Standards
ISO/IEC 27001:2022 Certification
Our ISO/IEC 27001:2022 certification highlights our rigorous approach to managing and protecting information assets. This achievement reflects Omny’s alignment with global best practices for information security and our continuous efforts to improve our ISMS. By adhering to the latest version of this standard, we ensure that our security controls remain effective against evolving threats.
To request a copy of Omny's ISO/IEC 27001:2022 Certificate, please send a request to security@omnysecurity.com.
Supporting Conformance to IEC 62443
In addition to achieving ISO/IEC 27001 certification, Omny actively supports our customers in aligning with and achieving conformance with key standards from the IEC 62443 series for industrial automation and control systems (IACS). These standards are critical for ensuring robust cybersecurity in industrial environments. Specifically, we help customers with:
- IEC 62443-2-4: Security program requirements for IACS service providers, ensuring that service providers have the processes and capabilities necessary to manage cybersecurity in industrial systems.
- IEC 62443-3-2: Security risk assessment and system design, enabling customers to conduct thorough risk assessments and implement secure system architectures.
- IEC 62443-3-3: System security requirements and security levels, providing guidance on defining and achieving the necessary security levels for IACS systems.
Security
Our Security Practices
We have implemented a comprehensive security framework designed to protect your information at every level. Our key security measures include:
Encryption
- Data in Transit
Omny ensures secure connections and robust encryption to protect data. All customer data is encrypted in transit and at rest within the Omny Risk application. Customer connections are secured with Transport Layer Security (TLS), enforcing TLS 1.2 or higher, and using secure cipher suites. Internal network connections leverage mutually authenticated TLS (AES-128-GCM), while database connections are secured with TLS 1.3 and a 256-bit AES cipher, with access restricted to necessary components.
Customers maintain control of their security programs to protect their content, systems, and networks, while Omny supports encryption in transit and at rest in collaboration with cloud service providers (CSP). - Data at Rest
Omny utilizes Cognite Data Fusion for handling all persistent states. All data stored within the Omny Risk application is protected by data encryption at rest following controls implemented by Cognite. See https://www.cognite.com/en/security for more information.
Data Hosting Location
Omny Risk application is powered by Cognite Data Fusion (CDF), a robust data hosting platform provided by Cognite. This technology gives customers full control over data residency, allowing them to choose where their data is securely stored to meet compliance and operational needs. Refer to https://docs.cognite.com/cdf/admin/clusters_regions for more information.
Data Backup and Recovery
Our data remains secure and available, even in the face of unexpected disruptions. Our SaaS providers manage data backups, incorporating redundancy and failover mechanisms as part of their standard service offerings. This ensures that critical business data is continuously protected and recoverable in case of outages.
We have identified key tools and service providers essential to our operations, assessing their impact on business continuity. By working with trusted vendors and leveraging built-in backup solutions, we minimize risks related to data loss, downtime, and service disruptions.
By combining resilient infrastructure with proactive monitoring, Omny maintains a robust backup and recovery strategy, ensuring that our data remains secure, accessible, and protected at all times.
Access Controls
At Omny, security starts with controlling access to our systems and data. We ensure that every employee, contractor, and third-party user has just the right level of access—no more, no less—by following the principle of least privilege. From the moment someone joins our team, they receive a unique identity that determines their access based on their role, with authentication secured through Single Sign-On (SSO), SAML, and Multi-Factor Authentication (MFA).
Threat Detection and Monitoring
Our systems are continuously monitored for any signs of suspicious activity. Threat detection tools enable us to identify and respond to potential security incidents promptly.
Vulnerability Management
We take a risk-based approach to identifying and addressing security vulnerabilities. Using automated scanning tools, we continuously assess our operating systems, applications, and network devices for known weaknesses. Vulnerabilities are prioritized based on severity, impact, and exploitability, ensuring critical issues are remediated first.
Our remediation process includes prompt patching, secure system configurations, and compensating controls for cases where immediate fixes aren’t available, especially for zero-day vulnerabilities. We also monitor emerging threats through threat intelligence and conduct regular vulnerability scans to stay ahead of risks.
Security is a shared responsibility, and we reinforce this with ongoing employee training, ensuring that vulnerabilities are identified and reported promptly. By combining continuous monitoring, rapid response, and proactive security measures, Omny maintains a resilient and secure environment for our systems and data.
Supply Chain Security
We prioritize supply chain security by conducting rigorous vendor assessments, monitoring for risks, and enforcing strict data sharing and access controls. With robust business continuity plans and incident response collaboration, we ensure a secure and resilient ecosystem.
Security doesn’t stop at onboarding. We continuously monitor our suppliers to ensure they maintain compliance, reviewing their security posture annually for high-risk vendors and every two years for others. If a supplier fails to meet our security standards or poses a risk to our operations, we don’t hesitate to take action—including terminating relationships when necessary.
Regular Security Audits
Regular security audits and assessments are conducted to evaluate the effectiveness of our security measures. This proactive approach allows us to identify and address vulnerabilities before they can be exploited.
Incident Reporting
Omny is committed to promptly addressing any security incidents that may arise. If you need to report an incident, please reach out to our dedicated security team at security@omnysecurity.com. We encourage timely reporting to ensure swift action and resolution.
Privacy
Your Privacy Matters
Review our full Privacy Policy here.