Time til Skorum

the first-of-its-kind virtual sales kick-off for all sellers

Production Header (V2)

Privacy policy

Terms of service

Technical Security

Announcing our new integration with Apollo

Dialer

Salesfloor

Analytics

Call Library

Twitter

LinkedIn

Youtube

Build Pipeline

Increase call volume

Decrease Ramp-time

Coaching

Sales tips, content worth checking out, and some sarcasm in your inbox once a month

Prepare to consider opening up our newsletter.

Podcast

Podcasts

Find out where we'll be next both online and in-person. Access on-demand recordings to reach peak performance. 

Event

Events

Events and Webinars

Get the latest reports and guides from Orum’s team of sales experts. 

Guide

Reports & Guides

Reports and Guides

Stay up-to-date with the newest features in Orum

Product Update

Product updates

Product Updates

The latest content and news from Orum’s sales experts, designed to help you reach peak performance.

Blog

Info

Orum data protection and security concepts around technical and organizational measures follow International Organization for Standardization (ISO) and National Institute of Standards and Technology (NIST) standards.

The following measures are subject to change based on operational requirements and the evolution of technology and security threats. These measures apply generally to all transfers contemplated by this Agreement.

The information security organization has established relevant technical standards documented as follows:

All sensitive data is hashed using an HMAC function based on SHA512

HTTPS encryption for data in transit (using TLS 1.2 or greater) on every login interface, using industry standard algorithms and certificates.

Encryption of data at rest using the industry standard AES-256 algorithm

Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services

Differentiated rights system based on security groups and access control lists.

Secure transmission of credentials using TLS 1.2 (or greater)

Passwords require a defined minimum complexity. Initial passwords must be changed after the first login.

Access controls to infrastructure that is hosted by cloud service provider

Access right management including authorization concept, implementation of access restrictions, implementation of the "need-to-know" principle, managing of individual access rights.

Training and confidentiality agreements for internal staff and external staff

Segregation of responsibilities and duties

Secure network interconnections ensured by firewalls etc.

Logging of transmissions of data from IT system that stores or processes personal data. Logging authentication and monitored logical system access

Documentation of data entry rights and logging security related entries

Customer data is backed up to multiple durable data stores and replicated across multiple availability zones

Protection and encryption of stored backup media

Intrusion Detection System / Intrusion Prevention System (IDS/IPS)

Measures for ensuring the ability to restore the availability and access to personal Data in a timely manner in the event of a physical or technical incident

Continuity Planning and Disaster Recovery Plan

Disaster recovery processes to restore data and processes

Capacity management measures to monitor resource consumption of systems as well as planning of future resource requirements.

Procedures for handling and reporting incidents (incident management) including the detection and reaction to possible security incidents.

Productive data is backed up hourly in incremental form and daily as a full backup. All backups are kept redundant and in encrypted form (AES-256).

Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing

Documentation of interfaces and personal data fields

Security checks (e.g. penetration tests) conducted by external parties

Regular benchmarking and testing with industry standards, e.g. Cloud Security Alliance, Controls for Internet Security, NIST guidelines, etc.

Measures for user identification and authorization

Secure network interconnections ensured by MFA, firewalls etc.

Logging of transmissions of data from IT system that stores or processes personal data

Logging authentication and monitored system access

Access to data necessary for the performance of the particular task is ensured within the systems and applications by a corresponding role and authorization concept in accordance with the “need-to-know” principle.

Measures for the protection of Data during transmission

Remote access to the network via VPN tunnel and end-to-end encryption

HTTPS encryption for data in transit (using TLS 1.2 or greater)

Measures for the protection of Data during storage

Measures for ensuring physical security of locations at which personal Data are processed

Subdivision of the facility into individual zones with different access authorizations

Physical access protection (e.g. steel doors, windowless rooms or secured windows).

Electronic access control system to protect security areas.

Monitoring of the facility by security services and access logging to the facility.

Video surveillance of all security-relevant security areas, such as entrances, emergency exits and server rooms.

Central assignment and revocation of access authorizations.

Identification of all visitors by verification of their identity card and registration (a log of visitors is kept).

Mandatory identification within the security areas for all employees and visitors.

Visitors must always be accompanied by employees.

Measures for ensuring system configuration, including default configuration

Measures for internal IT and IT security governance and management

Dedicated and identified person to oversee the company's information security and compliance program

Information and network security staff holding security certifications

Information Security Management System around development and maintenance of policy and technical standards

Audit programs that use Information Security frameworks for measurement (ISO 27001, NIST, Cloud Security Alliance, SOC 2)

Measures for certification/assurance of Processes and products

Information security or quality management certifications such as ISO 27001, SOC 2, or PCI

Restrict access to personal data to the parties involved in the processing in accordance with the “need to know” principle and according to the function behind the creation of differentiated access profiles.

Strict time limits for data retention and operational mechanisms that guarantee compliance (e.g. automatic deletion of data after predefined time period).

Technological barriers to the unauthorized linking of independent sources of data.

Limitation to the level of detail used in personal data processing: for example, through techniques such as differential privacy, k-anonymity, obfuscation and added noise measurement.

Deletion of metadata generated during certain processes that are not necessary for the pursued goal.

Process for the exercise of data protection rights (right to amend and update information)

Clear documentation of requirements for all data conditions and scenarios

Rigorous data profiling and control of incoming data

Data pipeline design to avoid duplicate data

Measures for ensuring limited data retention

In order to ensure the effectiveness and reliability of such retention schedule, the deletion of such data should be automated and tests should be conducted to ensure the effectiveness of such retention policies.

Assign responsibility to ensure end-user privacy throughout the product lifecycle and through applicable business processes.

Data protection impact assessments as an integral part of any new processing initiative.

Document all decisions that are adopted within the organization from a “privacy and security by design thinking” perspective.

Measures for allowing Data portability and ensuring erasure

Technical And Organizational Measures