Trust Center

Overview

Welcome to Orca Security's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Compliance

CSA STAR
GDPR
ISO 27001
ISO 27017
ISO 27018
SOC 2

Orca Security is reviewed and trusted by

Unity
SAP
Digital Turbine
Autodesk
Wix
Gannett
Lemonade
Wiley
Vercel
Sisense
Docebo
FourKites

Network Diagram
Pentest Report
SOC 2 Report
SOC 2 Summary Report
ISO 27001
ISO 27017
ISO 27018
Subprocessors
SOC 2
Product Architecture
Anti Corruption
Code of Conduct
Service-Level Agreement
Penetration Testing
Acceptable Use Policy
Access Control Policy
Asset Management Policy
Backup and Data Retention Policy
Business Continuity and Disaster Recovery Policies
Cloud Security Policy
Data Classification Policy
Environmental, Health and Safety Plan
Incident Response Policy
Information Security Policy
Logging and Monitoring Policy
Operations Security Policy
Password Policy
Physical Security Policy
Risk Management Policy
Software Development Lifecycle
Third Party Security Policy
Vulnerability Disclosure Policy

Risk Profile

Data Access Level: Restricted
Impact Level: Moderate
Recovery Time Objective: 4 hours

Product Security

Audit Logging
Data Security
Integrations

Reports

Network Diagram
Pentest Report
SOC 2 Report

Self-Assessments

CAIQ

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Bot Detection
Code Analysis
Credential Management

Data Privacy

Cookies
Data Breach Notifications
Data Privacy Officer

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Data Loss Prevention
Firewall
IDS/IPS

Corporate Security

Asset Management Practices
Email Protection
Employee Training

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy

Security Grades

SecurityScorecard: Orca Security, A grade
CryptCheck: Orca Security, A+

Trust Center Updates

Libwebp CVE-2023-4863

Vulnerabilities

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Orca considers this vulnerability remediated. Orca Security promptly patches zero-day and critical vulnerabilities, leveraging central asset management and the Orca Platform, with detection and remediation capabilities. In addition, Orca implements security checks in the code that evaluate any vulnerable dependencies. We keep monitoring for this vulnerability and many more.

Sincerely, the Orca Security team


HTTP/2 Rapid Reset Attacks and Vulnerability

Vulnerabilities

Our company remains unaffected by the HTTP/2 vulnerability, thanks to the robust protections offered by AWS CloudFront, AWS WAF and the expeditious protection of our Orca Platform. Orca diligently reports on zero-day, new and trending vulnerabilities for all our production assets and cloud infrastructure. We make sure our infrastructure and service are not disrupted by leveraging the above-described solutions. While DDoS can only be contained, we took all needed measures on the matter.
If you are a customer and you have any additional inquiries, you are welcome to reach us at compliance@orca.security or to submit an RFI to your CSM.

Sincerely, the Orca Security team


MOVEit vulnerability

Vulnerabilities

Orca Security has conducted a thorough investigation of the MOVEit vulnerability and has determined that our company is not affected. We have also confirmed that none of our security subcontractors are affected.

The MOVEit vulnerability is a critical security flaw that could allow an attacker to gain unauthorized access to sensitive data. We take the security of our platform very seriously and are committed to providing our customers with the highest level of protection.

If you have any questions or concerns, please do not hesitate to contact us.

Sincerely, the Orca Security team


If you need help using this Trust Center, please contact our Cybersecurity Risk team.

If you think you may have discovered a vulnerability, please send us a note.
