Security & Privacy

There should be no mysteries about the security and privacy features we implement. It’s a layered process, and it’s a process that works well. This is how we safeguard our entire system so that your information remains safe.

Technology Safeguards

  • All data transfers are encrypted to prevent unauthorized third parties from gaining access to your data. In addition, your account password is stored using a technique called a “one-way hash”. This means that only you (not even Office Control employees) know your password.
  • All access to the “back-end” functions of Office Control is protected with a firewall to ensure that only authorized individuals have access.
  • Minimum password length and password lockout. Your Office Control password must be at least 6 characters long. In addition, we will lock out your account and request that you to reset your password if 5 wrong passwords are entered. This is to prevent unauthorized users from guessing your password.
  • Notification of login from a new device. Every time your account is used on a new computer, you will receive an email notice. This ensures that you are aware if someone logs into your account without your permission.
  • Tracking of IP addresses. Whenever an end-user accesses Office Control, we record their IP address so that we can identify where the request came from. This assists us in the event that a security-related investigation is required.
  • Two-factor authentication. We enable and use two-factor authentication wherever possible for back-end services used by Office Control and it is also available for anyone who is accessing our platform.

Process Safeguards

  • All employees of Office Control are required to complete training on PIPEDA and related requirements to ensure they understand our obligations to protect your information.
  • Limited access. Only employees who have a relevant business need are given access to your personal information.
  • Physical access control. Our servers are in a secure data centre facility in downtown Toronto. This location is disclosed only to Office Control employees. All premises have sufficient physical security measures in place to ensure the confidentiality of your data.
  • SAS 70 certification. We use Amazon Web Services (AWS) as a backup hosting provider if our primary servers ever experience a failure. AWS is SAS 70 certified on an annual basis, and this certification is reviewed annually by a third party and ensures that appropriate controls are in place to limit the risk to your information. For full details, visit https://aws.amazon.com/, and click the “Security” link.

Contractual Obligations

  • Client agreements. Our service agreement, which all clients sign before commencing service, contains a section that outlines our confidentiality obligations to protect their information.
  • Employment agreements. Our employees agree to be bound by our privacy policy and must adhere to everything contained within it. Failure to comply with this policy is grounds for discipline up to and including termination of employment.
  • Subcontractor agreements. From time to time, we may work with third parties to conduct our business. Third parties will only be given access to client data if absolutely required, and in these cases, they will be contractually obligated to follow our privacy policy. Furthermore, we will conduct due diligence to ensure the contractor has sufficient safeguards in place to protect your information.