Security & Reliability

Last Updated: June 29, 2024

At OWL, the security and reliability of our systems and your data are our top priorities. We implement comprehensive security measures and rigorous reliability practices to ensure that your data is protected and our services remain consistently available.

OWL Protects Your Data

At OWL, we take security very seriously. Protecting your data is our mission. To that end, we follow today’s security best practices, including the following:

  • Compliance with Atlassian Security Requirements: We are party to the Atlassian Marketplace Partner Agreement and the Atlassian Developer Terms, which impose several security requirements, as described in Atlassian Security requirements for cloud apps.
  • Data Encryption: We use industry-standard encryption protocols to secure data both at rest and in transit, ensuring that sensitive information is protected from unauthorized access.
  • Access Controls: Access controls in OWL are managed through Jira, utilizing user-based permissions configured by the Jira Administrator. This ensures that only authorized users have access to sensitive data.
  • Authentication: OWL employs secure authentication mechanisms, including multi-factor authentication, to verify user identities and prevent unauthorized access.
  • Audit Logs: Audit logs for OWL are maintained through Jira’s standard functionality. OWL does not keep separate audit logs.
  • Data Backup and Recovery: Data backup and recovery for OWL are managed through Jira’s standard functionality. OWL does not keep separate backups of the data.
  • Employee Training and Awareness: We conduct regular training programs for all OWL employees to ensure they are aware of compliance requirements and best practices.
  • OWL’s Compliance Process: Our compliance process includes regular audits, risk assessments, and continuous monitoring to ensure that our security measures are up to date and effective.
  • Reporting and Incident Response: OWL has a comprehensive incident response plan to address any data breaches or security incidents. Users can report potential HIPAA violations or concerns to our dedicated compliance team.

Compliance and Certifications

HIPAA Compliance

  • OWL adheres to HIPAA standards to ensure the protection of sensitive healthcare data. This includes implementing strict access controls, encryption, and regular audits.

SOC 2 Type II Compliance

  • OWL meets SOC 2 Type II standards, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy.

GDPR Compliance

  • OWL complies with GDPR regulations, ensuring that personal data is handled in accordance with European Union privacy laws.

Sub-processors

We use third-party vendors to provide services necessary to run and improve the services we offer customers. We enter into GDPR-compliant data processing agreements with each vendor that processes personal data.

Third-party vendors we share personal or sensitive data with:

  1. Google Analytics – Analytics
  2. Google AdWords – Ads
  3. Facebook – Ads
  4. Bing – Ads
  5. HubSpot – Marketing and Sales
  6. Atlassian – Product Development and Support

Bug Bounty Program

Through our public bug bounty program, our applications are constantly being probed for vulnerabilities. This creates an environment of continuous testing by third parties.

Software Development Security

OWL uses a Git version control system. Changes to OWL’s code base go through a suite of automated tests before being reviewed and sent through a round of manual testing. When code changes pass through the automated testing system, they are first pushed to a staging environment where timedoctor.com employees test the changes before they’re pushed to our production servers. Changes that are critical, due to security or for other reasons, are fast-tracked to production while still being tested thoroughly.

Screenshot Security

Screenshots are an optional OWL feature. If activated, the screenshots feature will take and store screenshots of your employees’ monitors at a regular time interval.

If you use the screenshots feature, you can rest assured that the screenshots and all other data are:

  • Encrypted: All screenshots are encrypted at rest and in transit to ensure they are protected from unauthorized access.
  • Access Controlled: Access to screenshots is managed through Jira’s user-based permissions, ensuring that only authorized users can view or manage these images.
  • Stored Securely: Screenshots are stored on secure, client-designated systems, complying with all relevant security standards and practices.

Incident Response

In case of a data breach, we have a procedure that dictates how and when to make a timely, responsible disclosure to the affected parties, with a first communication within 24 hours of our becoming aware of the incident.