Security by Design

This isn’t our first startup. Our team of developers have been around the block and understand not only how to secure data, but why it matters. Oyster’s success as a global employment service provider relies on earning and keeping our Customers’ and Colleagues’ trust. We take security seriously and built Oyster with security in mind.

Standards

NIST CSF
ISO 27001
GDPR

We are pursuing these certifications and building to their specifications. By starting with clear principles and frameworks, our policies and processes reflect a thoughtful approach to security and our everyday work.

Encryption

SSL Encryption is used throughout our application
All data is encrypted in transit
All databases and database backups are encrypted at rest
We apply a second layer of encryption to sensitive data such as bank accounts and NI numbers

Working with up-to-date framework releases, we use tried and tested modules, and apply fundamental security considerations to every aspect of our software design.

Secure Servers

SOC 1,2,3
ISO 27001/27017/27018
PCI-DSS

Your data is securely backed up on a regular basis. And we never move user data out of the secured environment for testing or any other reason.

Oyster Team Access

Unique logins required for all business critical systems
Defined access to different parts of our system
Customer and personal data access is limited by roles
Role-based access is regularly audited and updated

We limit access to our systems and our data to only those who need it, operating on the principle of least privilege.

Monitoring

Continuous resource and infrastructure access monitoring
Third party web property scanning
Security testing as an essential part of our release process
Annual employee privacy and data security training

Building a secure Site and Platform are only the beginning. We monitor our systems to keep them secure and to continuously improve our people, processes and our product.