As experts, we take this stuff seriously
This isn’t our first startup. Our team not only knows how to secure data, but why it’s so important. Our standards are high and we’re committed to continuously improving our people, processes, and product so you feel confident working with us.
Demonstrating our leadership in compliance is key for building your trust. We engage outside auditors for verification of our compliance against global standards and industry best practices.
Oyster achieved a clean SOC 2 Type II report in 2022
Penetration testing is conducted on a regular basis
Oyster is compliant with various data protection laws, including the General Data Protection Regulation (GDPR). Our Data Processing Addendum is automatically incorporated into our Terms and it applies GDPR standards to all the personal data we process—regardless of where the data subject is located. We also employ privacy-by-design principles throughout our software development lifecycle in accordance with GDPR standards.
We have a public-facing security incident reporting helpline to ensure our customers can access fast support. All incidents are routed to designated teams, investigated according to our Incident Response Policy, and addressed in accordance with applicable law.
Business Continuity and Reliability
We understand that our customers need readily available access to the Oyster platform. Hosted by AWS, the Oyster platform relies on the Amazon S3 Service Level Agreement. Oyster platform data is backed up on a regular basis in case of a system failure. We target full system recovery in less than five hours with a recovery point objective of two minutes or less.
By default, Oyster uses 2FA and single sign-on (SSO). If you use another SSO provider, we’ll gladly integrate it to ensure user-friendly and secure access to our platform.
Drata is a security and compliance automation platform that continuously monitors Oyster’s policies, procedures, and IT infrastructure to ensure the company adheres to industry standards.
Breachlock is a Penetration Testing as a Service (PtaaS) platform that continuously monitors the Oyster platform for vulnerabilities and threats.
Oyster’s operations are guided by a comprehensive package of security policies. We review our policies on a regular basis and conduct training to ensure customer, Team Member, and staff data is always handled diligently.