Trust Center

Corporate Security

Securing Our Enterprise

At Omada, we take great measures to keep our business safe, and regularly update our policies to adhere to emerging trends. We have implemented the following practices and policies:

Information Security Management System (ISMS)

  • Omada maintains an ISMS to document the set of policies and procedures for systematically managing sensitive data within Omada 
  • Omada adheres to ISO 27001 recommendations and standards to maintain the ISMS
  • The goal of the Omada ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach 
  • Independent assessors certify the correct governance of Omada’s ISMS on a yearly basis

Patching Policy     

  • Omada regularly installs updates on all domain-connected infrastructure, laptops, and servers
  • Omada uses various endpoint management systems to update and patch operating systems and critical applications
  • Omada has implemented multiple endpoint protection solutions to protect against threats like malware
  • Patching is fully automated with a monthly review process to validate the successful installation of patches and address any failures

Incident Handling Response

  • Omada has a centralized, 24×7 Service Desk and Support to offer remediation and resolution services
  • Omada has developed a process for handling incidents that is aligned with the NIST-SP 800 incident handling process
  • Omada has a clearly documented process that aligns technical and customer-facing teams to alert quickly and clearly if incidents occur

People Training

  • New joiners must go through mandatory information security and data privacy training
  • Once a year, all employees must complete mandatory security awareness and incident handling training
  • Security development training is mandatory for all members of the technical organization, with primary focus on secure coding practices
  • All training is aligned in a Software Assurance Maturity Model (OWASP SAMM) plan

Penetration Test

  • At least yearly pen-tests using certified external companies in rotation
  • All major changes and new features are tested before going live
  • Our last pen test was performed in May of 2022, and we provide findings for customers and prospects upon request

The Omada Software Development Lifecycle considers:

  1. Security of the development environment
  2. Guidance on the security in the software development lifecycle
    • Security in the software development methodology
    • Secure coding guidelines for each programming language used
  3. Security requirements in the design phase
  4. Security checkpoints within the project milestones
  5. Secure repositories
  6. Security in the version control
  7. Required application security knowledge
  8. Developers’ capability of avoiding, finding, and fixing vulnerabilities

To support the delivery of its Services, Omada may engage and use data processors with access to certain Customer Data (each, a “Sub-processor”). Omada maintains an up-to-date list of such Sub-processors, which you can read more about here.

Download the Omada Sub-Processors Overview

 
