Overcast maintains and applies a Physical Access Control Policy (e.g. office building, data centre, etc.), including 24-hour CCTV coverage of access points.
Access controls to protect against unauthorised disclosure of sensitive information are applied in production and non-production environments.
Overcast supports integration with clients' identity and access management systems, including single sign-on and multi-factor authentication.
To access the Overcast platform, user information is authenticated and Overcast:
- Hides passwords typed on-screen
- Logs the user’s timestamp, location and failed logins
- Forces a password change on first login
- Assigns a unique ID
- Disables dormant accounts on a regular basis
All staff are required, as part of their onboarding, to read and accept guidelines around Data Protection and Privacy. Confidentiality agreements are in place with all clients as part of a standard contract. NDAs are also in place with all employees and contractors as part of their standard contract. Third parties employed to provide services to Overcast (Stripe, AWS) are all ISO 27001:2013 compliant. Our information security adheres to GDPR Best Practice.
Access to data follows Identity by Design principles and the Principle of Least Privilege, which provides access to the system and data on a per-user, per-need basis. There is a separation of roles (Superadmin, admin, user, collaborator) with granular controls to safeguard access to sensitive data.