OutThink’s policies, processes, and procedures are certified to ISO/IEC 27001 and align with SOC2. Our existing customers include international banks, large-scale international enterprise organizations, as well as various financial organizations with equally strict security policies and standards.
OutThink takes reasonable and prudent measures to safeguard the security of the customer data in its possession. Our security personnel operate OutThink’s Information Security Management System (ISMS), which encompasses high-quality network security, endpoint security, application security, identity and access control, change management, vulnerability management, supply chain management, disaster recovery, governance & compliance, physical security and people/HR security.
OutThink are listed on the Cloud Security Alliance’s Security Trust Assurance and Risk (STAR) registry, which encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices. You can view OutThink’s listing here.
Customers on our Enterprise plan are permitted to undertake their own security assessments of the OutThink Platform, subject to strict adherence to our Security Assessment Agreement. Contact your Customer Success Representative for more information.
Whether or not you are an Enterprise customer, if you find a vulnerability, please follow our Responsible Vulnerability Disclosure process to report it to our security team.
All OutThink employees undergo regular security awareness training and assessments, delivered via the OutThink platform. New joiners are automatically assigned mandatory comprehensive security training. As an organization, we continuously test our employees’ awareness through various types of phishing simulation campaigns, including ground-breaking Microsoft Teams-based exercises and individually tailored learning experiences. We also ensure regularly scheduled affirmations of policy awareness, for example, of our internal Acceptable Use Policy and Information Security Policy.
OutThink are a pioneer in Human Risk Management, and we “eat our own dog food”. We leverage the OutThink platform to comprehend our employee behaviors, attitudes, and intentions during our cybersecurity awareness training and simulations. We integrate with our existing security systems, in particular Microsoft Graph API, Defender and our SIEM to enable us to pinpoint any high-risk groups, dissect the root causes of risk, and address critical questions.
Prior to onboarding sub-processors, OutThink conducts an audit of the security and privacy practices of such sub-processors to ensure the sub-processors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Sub-processors are re-authorized upon contract renewal or on an annual basis.
You can view our approved and validated sub-processors here.
OutThink is a SaaS solution deployed as a multi-tenant, shared-resource architecture that is hosted in Microsoft Azure’s world-class data centers. Microsoft has numerous certifications, including ISO/IEC 27001 and SOC2. For additional clarification, visit the Microsoft Service Trust Portal here.
We closely monitor and publish our uptime statistics and our service is subject to strict Service Level Agreements with our customers. You can view our current and historical service levels here.
Application and database upgrades are performed using the blue/green deployment method, making the OutThink Change Management Process transparent to our customers. If a deployment requires a planned outage, we notify our customers via our Customer Success Team and the OutThink platform status page.
© 2023 OutThink Ltd. Company no. 096433149.