OiX Government works in tandem with customer agencies to develop pioneering security, privacy and compliance practices. Although a startup, our company has years of experience in its tam on implementation, maintenance and innovation in both Blockchain and Cloud development and management. Our teams focus on ensuring that we meet our own security and compliance standards consistently without fail as well as help our customers meet their compliance and regulatory requirements.
OIX has standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
OIX adopts NIST Security standards FIPS compliant cryptography module to prove the authenticity and integrity of the digital assets.
The OIX security authorization uses the FedRAMP requirements, which are FISMA compliant and based on the NIST 800-53 rev3, (800-53, 8003-47) and FIPS 199 and 200
We address security risks on a continuous basis across our infrastructure inclusive of hardware, software, network and manpower. We have key focus on intrusion detection and prevention systems, denial of service attack prevention and regular penetration testing. With OiX, our customers can greatly reduce their own investment on these capabilities and benefit from economies of scale that is set in by our enterprise wide security initiatives.
OiX networking delivers the infrastructure needed to securely link the Virtual Machines to one another and to connect the on-premises data centers with deployed OiX VMs. OiX blocks unapproved traffic to and within our data centers by using a variety of technologies including but not limited to firewalls, partitioned Local Area Networks, and physical separation of back-end servers from public-facing interfaces.
Some of our measures are
We rely on both technological safeguards, including but not limited to end-to-end encrypted communication and streamlined and monitored operation processes to help maintain security of Customer Data. Our scalable and adaptable setup means that customers can easily implement additional Security measures and encryption and manage their own keys.
OiX believes that we have an obligation to keep security measures in place so that they can rest assured that there is a robust infrastructure taking care of their privacy concerns. We also go all-out to ensure that our Service Management measures are transparent so that customer has clear visibility of where their data is and who has access to it.
Here is an abstract of our security approach:
OIX customers remain responsible for complying with applicable compliance laws and regulations. In some cases, OIX offers functionality (such as security features), enablers, and legal agreements (such as the OIX Data Processing Agreement and Business Associate Addendum) to support customer compliance.
No formal certification is available to (or distributable by) Open Investment Exchange cloud service provider within these law and regulatory domains.
OIX pursues disparate security and compliance standards across geographies and verticals, including ISO 27001, FedRAMP, and PCI DSS, CESG (UK), Singapore Multi-tier Cloud Security (MTCS) standards and applicable EU data protection laws. This means that customers, with existing deployments elsewhere, wishing to transfer personal data from the European Economic Area (EEA) to other countries can do so knowing that their content in OIX will be given the same high level of protection it receives in the EEA. OIX aspires to reduce the effort needed to perform audits, since these tasks become routine, ongoing, and automated. By spending less time on manual activities, manages risk and improves security posture.