Programs & policies
Security commitments are set forth in our agreements. Omnissa maintains appropriate technical and operational measures as set forth in these agreements.
Information
security program
Omnissa strives to achieve a high level of information protection standards and commits to the fundamental principles required for the protection of company information resources, controls to ensure compliance, and security practices required to uphold the company’s reputation with our clients.
Information
security policies
Omnissa has implemented and maintains a complete set of information security policies based on international standards ISO/IEC 27001 and consistent with industry-accepted practices and security frameworks. Our information security policies define requirements for the protection of our information and information systems. You can view descriptions and key elements of Omnissa information security policies here.
Commitment
to security
Omnissa is committed to protecting the integrity, confidentiality, and reliability of our information and information systems from unauthorized disclosure, removal, acquisition, modification, or destruction.
Omnissa’s information security management and information security policies are the foundation for the security of our information assets and our obligation to our customers regarding information confidentiality, integrity, and availability. Security commitments are set forth in our agreements. We maintain appropriate technical and operational measures as set forth in these agreements.
Omnissa
supply chain security
Operate with confidence of security. View our commitment to keeping your data safe at rest and in transit for your cloud, hybrid, and on-premises deployments.
How we protect your supply chain
Trust that security is integrated into our products and services from day one. We have established programs and practices that identify and mitigate security risks during and throughout the software development process. Through these activities, Omnissa delivers secure products and solutions for
its customers.
Security Development Lifecycle (SDL)
Omnissa pairs world-class security partnerships with an industry-leading SDL process, programmatically ensuring cloud operations and security controls align with industry benchmarks and best-practices.
Cloud services security
Trusted security in the cloud is achieved through the partnership of shared responsibilities between customers and Omnissa.
Security Vulnerability Response Team (VRT)
The VRT leads the analysis and remediation of security issues in Omnissa products once products have been released to customers.
Security awareness
Omnissa has established a program to raise security awareness and competency within the Omnissa R&D community through formal and informal training.
Information security management system
Omnissa has established a Cloud Services Information Security Management System (ISMS) that is based on ISO/IEC 27001. The ISMS was established to protect the confidentiality, integrity, availability, and privacy of confidential data. Omnissa considers all customer data contained within the service scope to be cloud customer data.
Third party vendor management
Security of Omnissa information and information systems is not reduced when working with third parties.
Omnissa has established requirements for managing this risk.
Third party vendor management policy
Omnissa has a documented Third-Party Vendor Management Policy and follows a documented third-party vendor onboarding process to assess, manage and monitor our third-party vendors. Sourcing and business teams collaborate with information security risk to ensure a risk-based approach is taken with respect to all third parties to ensure the security of information assets. Omnissa vendors (“suppliers”) do not have access to customer data/information unless required by a particular service offering.
In addition, Omnissa implements required technical and organizational measures in agreements to protect customer content, to assist with data subject requests and to protect personal data in compliance with applicable data privacy and protection laws and regulations.
Security response
Learn more about Omnissa’s external security vulnerability response policies.
Omnissa external vulnerability response & remediation policy
We understand that unless our products adhere to the utmost standards for security, customers will lack the confidence to use them. To achieve this, Omnissa maintains a program to identify, respond, and manage vulnerabilities. This Security Response Policy outlines the process utilized by Omnissa.
How to report vulnerabilities
If you discover a vulnerability in an Omnissa product or service, kindly inform us by sending a confidential email to security@omnissa.com. Omnissa follows responsible vulnerability disclosure protocols, where researchers report newly identified vulnerabilities directly to us, allowing prompt mitigation before public disclosure, and may receive acknowledgment for their efforts.
Safe harbor
Engaging in activities consistent with this policy will be deemed authorized, and Omnissa will refrain from pursuing legal action against you. Should a third party initiate legal proceedings related to activities under this policy, we will endeavor to affirm your compliance.
Omnissa security advisory (OMSAs)
Omnissa discloses vulnerabilities in Ominssa security advisories. OMSAs will include:
- CVSS scoring & severity rating
- Affected products/services
- Vulnerability details
- Remediation information
- Acknowledgements