Our product is designed with security in mind. We make sure security is a core component at every stage of the development lifecycle. Right from the initial planning stage, new features and projects are assessed in terms of their impact on privacy and security. At the design stage, low-level security issues are addressed and approved by the CTO. During development, our programmers abide by programming best practices, such as OWASP. Finally, before every release, our QA team carries out security testing and vulnerability scanning.
We’ve designed the application with security features that allow you to protect your account and enforce your organizational security policies. We provide custom security settings and tools to prevent unauthorized access to your data. With features like account lockout, password policies, and session settings, you can secure your account to the highest degree possible.
ScheduleOnce is hosted on dedicated US servers of the highest tier, maintained with 99.999% uptime. We use a combination of dedicated Windows and Linux-based physical and virtual machines, keeping your data on our very own private cloud. Your data is protected at the source, with physical access that is tightly controlled and secured at our SOC 2 audited hosting facilities.
Our infrastructure is regularly updated to keep up with security patches and firmware improvements. Third-party security experts perform periodic penetration testing to ensure we haven’t overlooked any potential vulnerabilities.
Security controls are only as strong as the people who implement them. We are committed to employing competent individuals who possess the skills required to successfully implement the company’s security objectives. We have strong policies and recruitment processes in place, and we continuously strive to improve through internal audits and process enhancements.
Our employees undergo a rigorous screening process to ensure they are suitable individuals to provide our service and to access customer data. Background checks are performed prior to hiring, and every new employee is required to sign confidentiality and information security policies upon joining the organization. All employees are required to undergo mandatory Security and Privacy training on an ongoing basis. Access to data is approved by a manager on a case-by-case basis, and in case of employment termination, we execute policies that revoke access quickly and effectively.