This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Security and Trust

Understand On-Call Optimizer’s layered security approach and access trust resources.

1 - Reporting Issues

Vulnerability reporting and management for On-Call Optimizer

If you believe you have found a vulnerability in On-Call Optimizer, or are seeing unexpected behaviour that you believe has security implications, please follow the guidelines below.

Reporting a Vulnerability

To report a security concern, please email us at urgent-issue@oncall-optimizer.com with a description of the issue and steps to reproduce (if known).

Authenticated On-Call Optimizer users can access a token from the help page within the application at https://app.oncall-optimizer.com/help. Please include this token in your report to ensure faster notification and response.

Responsible Disclosure

Upon discovering a vulnerability:

  • Submit your findings to us via the instructions above.
  • We will acknowledge your submission within 1 working day and provide you with a named contact person.

Once a vulnerability has been reported

  • We will analyse your reported vulnerability and describe our planned response within 5 working days. If our response indicates that further time is needed beyond this initial period we will maintain regular updates to inform you of the progress.
  • We may invite you to further collaborate with us to ensure the vulnerability is dealt with as effectively and efficiently as possible.

Once a fix for a vulnerability has been deployed

  • We will notify any affected customers of the vulnerability and its solution.
  • If you desire, we will acknowledge your work in discovering, reporting and helping to resolve the vulnerability.

At all times, we expect you to act with professionalism, maintaining a high standard of conduct, including confidentiality. We expect any discovered vulnerability is reported directly to On-Call Optimizer in the first instance, in order to allow us to protect our customers as effectively as possible.

Acknowledgements

If you have found a vulnerability in On-Call Optimizer and follow the responsible disclosure process, we will acknowledge your contribution publicly on this page if requested.

2 - Certifications

Details of the standards and certifications On-Call Optimizer has achieved

On-Call Optimizer is designed and architected to be secure, protecting the confidentiality, integrity and availability of your data. We pursue independent third-party certifications to demonstrate our commitment to security and compliance.

Access to certification documents and related policies can be requested via our trust center.

SOC2

SOC2 is a widely recognized standard for security and compliance. On-Call Optimizer is committed to achieving a SOC2 Type 2 certification and is engaged in the audit process to fulfil this committment.

Latest Update

As of November 2024, Advantage Partners has been selected and a contract signed to complete a SOC2 audit of On-Call Optimizer. The final pre-review checks and evidence gathering work is underway with the SOC2 audit phase planned to commence in early 2025.

Next Steps

  • Complete audit pre-review engagement with Advantage Partners (December 2024).
  • Complete SOC2 audit and receive certification (Q1-Q2 2025).

Penetration Testing

In addition to security certification, On-Call Optimizer is also subject to external penetration testing to independently validate the security of our systems.

Latest Update

As of November 2024, Capture the Bug has been selected a contract signed to complete an external black-box penetration test of On-Call Optimizer.

Target Dates

  • End of December 2024: Testing work completed.
  • End of January 2025: Penetration test report available for customer distribution.

Other certifications

If you need evidence of compliance with another cerification, please contact us at compliance@oncall-optimizer.com.

3 - Trust Center

The central point for access to certification and policy documents for On-Call Optimizer customers.

To access the On-Call Optimizer trust center please visit the following address:

https://mkmba-limited.trustshare.com/

By default the trust center provides an overview of On-Call Optimizer’s compliance program. Please use the links provided in the center to request additional access to certification and policy documents if required.

If you have further questions, please contact us at compliance@oncall-optimizer.com.