Security & Compliance

Your data is safe with us.

Advanced Security. Strict Compliance.

As a leading innovator in transaction processing and critical communications, OSG recognizes and appreciates the trust you place in us to process your work, and we take that responsibility very seriously. We continue to do our best to ensure that our processes, controls, and standards provide the highest level of secured transaction communication services. OSG has implemented extensive security measures, and continues to invest in the people, processes, and technology that are designed to ensure the integrity, confidentiality, availability, and security of all client-provided data and transaction communications.

Overview

Service Organization Control Reports

As part of an ongoing commitment to the quality, integrity, and security of services provided to our clients, and by extension to the services offered to your customers, OSG conducts several SSAE-18 Service Organization Control (SOC) audits each year. SOC1 Type-2 audits include control objectives and activities relevant to the security controls of our clients, while SOC2 Type-2 audits are conducted based upon the AICPA Trust Principles and controls related to Security, Confidentiality, and Availability. SOC Audit Reports in alignment with the services provided are available to clients upon request.


Compliance

Depending upon your business need, OSG offers services that follow GLBA, HIPAA, HITRUST, IRS, NIST, and PCI information security standards and controls relevant to the services provided. Some services regularly undergo information security examinations and audits by regulators including the Federal Financial Institutions Examination Council (FFIEC), the Centers for Medicare & Medicaid Services (CMS), and the IRS. Independent Payment Card Industry Data Security Standard (PCI DSS) audits are conducted at least annually for payment-related services. Virtually all examinations and audits typically include a full range of risk-based assessments of OSG systems, physical and logical security, processes, controls, and standards.


Network & Data Security

OSG has implemented redundant circuits with carrier diversity, and a multi-layered approach to network and information security. Separate firewalls and DMZs are deployed to handle pre-authorized circuit-based connections and support SFTP and internet-based VPN connections. Firewalls are configured to monitor, detect, and prevent intrusions and traffic that may be related to nefarious attacks. Public-facing servers are deployed in DMZ segments behind internet or web-application firewalls.

OSG’s systems perform real-time network, systems, application, security, performance, and software patch monitoring. Internal and external vulnerability and patch management scans are performed on a regular basis. Control alerts are generated when designated thresholds are reached in critical areas, and software patches and updates are routinely applied. Viruses and other malicious software are kept in check through network-edge anti-virus, anti-spyware, and intrusion-prevention systems.

Physical Security

Access to OSG facilities is managed by integrated card-access systems and CCTV digital video recordings. Security cameras are strategically located throughout each facility, providing ongoing CCTV surveillance and video retention. Biometric controls are also in place in some facilities.

Expect safety. Expect security.
