Updated February 17, 2017
To this end, OpenMarkets applies a tiered approach to securing its platform:
Utilizing Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption, all application transactions and user activity are performed over a secure, encrypted channel for communication. This ensures the data transmissions are safe, secure and available only to the intended parties.
All users on the platform are provisioned a unique login identifier that corresponds to their organization. All user access to the application and data is governed and restricted based on their role type and organization membership. Every unique login identifier is required to use a strong password that complies with minimum complexity requirements to reduce the threat of compromised entry in the application. Passwords, along with other sensitive data, are stored in an encrypted manner using the latest available security algorithms.
OpenMarkets subscribers have the ability to export their data sets through the application in several pre-defined formats - e.g., CSV and PDF. The process for exporting the data is managed and controlled in a two-step process of creating a safe document free of viruses, as well as sending the exportable document over a secure data channel.
OpenMarkets’ physical infrastructure is hosted and managed within the most updated cloud-based data centers. Our service providers continually manage risk and undergo recurring assessments to ensure compliance with industry standards. Our service providers have been accredited under:
Our data centers are staffed and monitored 24 hours a day, 7 days a week, all year round. All physical access to facilities is secured by trained security guards, auditable visitation logs and entry requirements - e.g., verifiable identification materials and biometric controls. All aspects of the facilities and infrastructure are monitored, including environmental variables that are critical to the success of a great data center operation - i.e., controlled temperature, smoke / fire detection.
OpenMarkets’ architecture has been designed to utilize the latest in cloud-based technology to greatly reduce the risk of unplanned outages to the infrastructure. Fully redundant network devices and connectivity points are built in throughout the architecture - e.g., firewalls, routers, servers, power supplies, connectivity to storage area network (SAN) and wide-area network Internet connectivity. Additionally, our service providers have contracted arrangements in place to draw power from multiple backup points including batteries, large diesel generators and substations.
In an effort to protect all Clients and their users, and to maximize productivity via high availability, OpenMarkets takes several proactive measures to protect the integrity of the network:
Our infrastructure provides DDoS mitigation techniques including TCP SYN cookies and connection rate limiting, in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier supplied bandwidth. We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed.
Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts. Packet sniffing is prevented by the infrastructure, including the hypervisor, which will not deliver traffic to an interface to which it is not addressed. OpenMarkets utilizes application isolation, operating system restrictions, and encrypted connections to further ensure risk is mitigated at all levels.
Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked.
The uptime of mission-critical services is continually monitored by contracted service providers, with documented escalation procedures within OpenMarkets in the event of an unplanned outage.
Third-party security testing of the application is performed by independent and reputable security consulting firms. Findings from each assessment are reviewed with the assessors, risk ranked, and assigned to the responsible team.
OpenMarkets clients and environments are segregated across multiple Development, Test, Demonstration and Production environments. This is to ensure the maximum level of testing can be performed without disrupting the Production environment.
Backups of the database occur hourly and are securely replicated to a centralized backup storage location within our data center service provider’s network. Our procedures are tested and the restore workflow is predictable in the event a restore is needed in the production environment.
OpenMarkets has adopted OWASP Top 10 defensive coding techniques and controls to reduce the threat of a malicious attack on our Clients’ managed infrastructure and software - i.e., SQL injection attacks, cross-site scripting, and cross-site request forgery.
OpenMarkets’ operational security efforts are led by a named Privacy & Compliance Officer who oversees all escalated matters and ensures timely resolution of reported incidents.
We use the information collected automatically to obtain general statistics regarding the use of the Website and its specific web pages and to evaluate how our visitors use and navigate the Website. For example, we may calculate the number of people who use the Website, open our emails, and determine which pages are most popular. OpenMarkets uses the information you provide through the registration process to provide you with the information and services you request, to communicate with you on matters relating to the Website and your account, to provide necessary information to accrediting or certifying bodies, and other of our business affiliates (but only in connection with the information and services you request from us) to provide you with information about related services and/or products. OpenMarkets may also use information about you to resolve disputes, troubleshoot problems, or enforce our rights. At times, OpenMarkets may review the information of multiple users to identify problems or to resolve disputes.
Opt-Out Policy: If you do not wish to receive certain communications from OpenMarkets you may opt out by declining the service offered or informing us that you no longer wish to receive such communications. We will comply with your request unless such communications are necessary for the administration of your account, required by law, or necessary to protect our rights.
Technical and legal circumstances beyond our control could prevent OpenMarkets from ensuring that your information will never be disclosed in ways not otherwise described herein. For example, among other things, we may be required by law, regulation or court order to disclose information to government representatives or third parties under certain circumstances. If OpenMarkets is requested by law enforcement officials or judicial authorities to provide information on individuals, OpenMarkets may, without your consent, provide such information. In matters involving claims of personal or public safety or in litigation where the data is pertinent, OpenMarkets may use or disclose your personal information without your consent or court process. Unauthorized parties may unlawfully intercept or access transmissions despite any commercially reasonable security efforts by OpenMarkets. Even with such technology, no website is 100% secure. Further, corporate restructurings, sale of assets, merger, divestiture and other changes of control or financial status affecting the Website may require disclosure as an incidental result of a transfer of assets by operation of law or otherwise. Therefore, OpenMarkets does not promise, and you should not expect, that your private information shall remain private under all circumstances and you shall not hold OpenMarkets or its business associates liable for its failure to do so.
OpenMarkets uses commercially reasonable efforts to ensure the security of your personal information, but no method of transmitting or storing electronic data is ever completely secure, and OpenMarkets cannot guarantee that your information will never be accessed, used, or released in a manner that is inconsistent with this policy.
Your information will be stored, processed, and accessed in the United States. If you use the Website from outside of the United States, you consent to the transfer of your information to the United States (i.e., outside your country of residence).
If you have any questions that are not answered elsewhere on this site, if you would like to review the personally identifiable information we have collected about you, or if you believe that this policy has been violated, please contact Michael Fineberg at (866) 447-3270 or firstname.lastname@example.org. Our response to such inquiries may be limited to information under our direct control.