Data Security at OfficeClip: A Comprehensive Overview

Reading Time: 3 minutes

OfficeClip implements a comprehensive range of security measures to safeguard our users’ data. It includes:

General Security for both Hosted and Installed Version:

  • SSL security: All data in transit uses SSL (https) framework to encrypt data on transit.
  • Login security: Only users with valid login credentials can access OfficeClip products.
  • 2-factor authentication (2FA): 2FA adds an additional layer of security to user accounts by requiring users to enter a code from their mobile device in addition to their username and password.
  • Application access: Administrators can restrict access to specific applications for certain users or groups of users.

organization-applications

  • System-wide access policies: Administrators can set system-wide rules that control user permissions for certain objects, such as contacts and tasks. For example, you could create a rule that only the user who created a contact can delete it.

application-access

  • Role-based security: Administrators can create roles that define different sets of permissions for users. For example, you can create a role for managers that gives them permission to create and delete contacts, while a role for employees only gives them permission to view contacts.

role-based-security

  • Object-based security: In addition to the above, administrators can control permissions for individual objects. For example, you could hide a particular contact from a group of users.

object-based-security

We are constantly evaluating our security measures and adding new ones as needed. We are committed to providing users with a secure and reliable platform for managing their data.

Our timesheet software has implemented the recommendations for DCAA(Defense Contract Audit Agency) regulations and Federal Accounting Regulations (FAR).

Additional Security for Hosted Version (SaaS):

  1. Our data center is located in the United States and is certified to the following security standards: ISO27001, HIPAA, ISO 90001, PCI-DSS, and SOC2-Type2.
  2. The payment processing for OfficeClip follows PCI compliance.
  3. Server backups are done every day (incremental backups are done every 30 minutes) to get the data back during outage.

Additional Security for Installed Version:

The installed version of the software allows users to install OfficeClip on their own machines, private clouds (like AWS or Azure), virtual private servers, or Docker containers.

Here are some security recommendations for these installations:

  1. OfficeClip uses SQL Server to store data. We recommend that you do not use the administrator password for the OfficeClip database. Instead, use controlled user accounts.
  2. Access to the server should be controlled by administrators so that only authorized users have access.
  3. Use software like BitLocker on Windows to lock down the OfficeClip drive.
  4. Take regular backups and store them securely.

Additional Measures:

In addition to the measures listed above, OfficeClip also implements the following measures to keep your data safe and secure:

  1. Vulnerability scanning: We regularly scan our systems for vulnerabilities.
  2. Patch management: We promptly apply security patches to our systems.

Conclusion:

OfficeClip takes security seriously. We implement a variety of measures to protect our users’ data. We are committed to providing users with a secure and reliable platform for managing their data.

Recommended Articles: