Enterprise security has always been a high priority, but the pandemic revealed just how vulnerable many organizations are to data breaches. And considering the fact that nearly 60% of organizations have experienced a breach from a third-party provider, your IT team will be vetting every tech solution more carefully — including your workplace software vendor.
If the provider you’re considering doesn’t check their boxes, your company won’t move forward with the purchase, setting your implementation timeline back several months.
By better understanding what your IT team needs to know as you research workplace software vendors, you’ll be in a better position to separate the leading contenders from those that won’t make the cut.
As a workplace software company that supports global enterprises with the most stringent requirements, we’ve worked hard to maintain best-in-class security measures for our integrated workplace management system (IWMS).
Here are 25 questions your IT department will likely ask and how a good vendor should answer them.
You need to be sure your workplace software vendor backs up your data regularly and securely so you can recover it if needed. iOFFICE performs 35 days of daily and point-in-time incremental backups. These are securely transferred and stored using the same level of encryption as the primary database. This allows for point-in-time recovery, with updates as often as every five minutes.
Your vendor should routinely test their backup and recovery process. iOFFICE tests our entire process, including restoring entire systems from backup.
Your software vendor should have a process in place to protect backups from unauthorized access and render the information unreadable at the end of its useful life. iOFFICE securely transfers and stores backup data in the geo-redundant, paired Azure data center. This means it is distributed across multiple areas so if one server fails, your company won’t experience downtime.
The key here is to make sure you understand any third-party providers who may be involved in storing data and what protections they have in place. For instance, do they prohibit removable media at those locations?
Any workplace software vendor should be able to demonstrate a proven track record of reliability. They should be transparent about any outages or failures and share the fastest and slowest times to recovery in each instance so you are aware of the worst-case scenario.
This is another enterprise security question that comes down to reliability. Fault tolerance involves having a system in place to detect a hardware issue and switching over to another component to avoid downtime. High availability uses both software and hardware to restore a system that is down. iOFFICE has redundant systems to allow for high availability and has had nearly 100% uptime in the past six months.
The National Institute of Standards and Technology (NIST) establishes recommendations for data retention, so your workplace software vendor should be familiar with them. We destroy backup data after 35 days in accordance with NIST recommendations.
If a natural disaster affects one of your data storage sites, you want to make sure you’ll be able to retrieve that data and transfer it to a backup facility if necessary. For iOFFICE, the expected recovery time is 72 hours. The recovery point objective, or the amount of data that can be lost within a critical period of time, is 24 hours. We test our recovery program annually.
Enterprise security requires constant vigilance, so your IT team will want to know more about the team that works for your workplace software vendor. Is it just one person, or do they have a larger group? What are their roles and responsibilities? Their experience? iOFFICE has an experienced team of 10 security professionals.
A detailed security policy should cover all essential areas, including:
Your IT team may want to know more about specific areas, so keep this in mind as you talk with your prospective workplace technology provider. Don’t hesitate to ask for documentation.
Any reputable workplace software vendor should follow established standards for storing and protecting data. iOFFICE maintains ISO 27001 certifications for data storage locations and can provide an attestation of controls for processing locations. We have undergone multiple customer audits in the past 12 months.
Penetration testing is an important way to identify enterprise security vulnerabilities that could result in a data breach. iOFFICE performs penetration testing annually, and we have never experienced a data breach.
Globally, companies experienced a 20% increase in security breaches due to employees working remotely during the COVID-19 pandemic, according to a report by Malwarebytes. About a fourth of those companies had to pay unexpected costs to address those breaches.
That’s why it’s critical for employees to understand what is expected of them when it comes to enterprise security policies, whether they are working in the office or remotely.
The workplace software provider should have established policies for employees and communicate those policies to them clearly. Those policies should also apply to any freelance employees, consultants, or contract workers.
All iOFFICE employees receive quarterly security awareness reminders, phishing awareness emails, and annual acknowledgments of our security policies.
All employees should undergo criminal background checks, especially those with access to sensitive information. That includes janitorial staff and other third-party contractors.
Every organization should have a way for employees or others to report suspected security incidents. That includes any ransomware or denial-of-service attacks; unauthorized access to systems, software, or data; and any equipment that is lost or stolen.
Before agreeing to work with any software company, your IT department will want to know more about their processes for identifying security vulnerabilities. iOFFICE performs daily server upkeep. Our firewalls are configured with deny-by-default rules and all unused ports are closed. Our network is segmented into network security groups for further isolation and security. Additionally, we scan our web application daily against OWASP vulnerabilities and address any findings as we discover them.
Just as your workplace software vendor tests their network, they should also test their code to ensure it follows OWASP guidelines and identify any vulnerabilities. iOFFICE performs robust quality assurance throughout the software development lifecycle. That includes tracking all changes using a ticketing system and testing the performance and functionality of all software internally and with a third-party testing provider.
Look for a workplace software vendor that follows industry standards (such as ISO 27001) and includes physical security controls. That includes using employee badges to manage access control, surveillance cameras, security guards, and other safeguards. iOFFICE’s physical controls are consistent with Tier 4 data center requirements and reviewed in annual SOC2 compliance reports.
SAML 2.0 is an industry standard for single sign-on (SSO) authentication. iOFFICE supports it, and so should any workplace software vendor you choose. They should be able to provide documentation that explains the process for enabling SAML within your application.
Some workplace software vendors perform updates that result in extensive downtime, which is frustrating for everyone. The iOFFICE team makes updates frequently and automatically, with little to no disruption to users.
Scheduled maintenance is sometimes necessary, but it should not cause an inconvenience to users. Most system maintenance iOFFICE performs does not result in any downtime. If it does, it is typically no more than two hours during non-peak times, and we announce it two weeks in advance.
All API unit calls should be authenticated and encrypted with 128-bit or greater encryption.
Your software provider should make it easy for you to transfer your data even if you’re moving to a new solution. iOFFICE customers can transfer data using our open REST API or a flat file integration. At the end of a contract, we comply with requests to delete data within 10 days and remove it completely from backups within 35 days. We also delete the customer database and remove any remaining information from backups.
Before investing in a new solution, you want to make sure it integrates well with your existing technology. Be prepared to discuss the systems you currently use and ask your software provider how they will integrate with them.
iOFFICE integrates with any third-party applications using REST API and secure SFTP file transfer. For a detailed guide on all our integrations and how to set them up, IT leaders can refer to this resource.
Both SOC1 and SOC2 compliance demonstrate a company’s commitment to standardization and enterprise security in different ways. iOFFICE has completed a SOC2 report for our data centers and is working to complete one for our applications.
Gaining approval from your IT department might seem like a frustrating final hurdle, but they’re just doing their job to protect your organization from data breaches. By taking the time to understand their concerns and proactively addressing them, you’ll be on your way to a faster workplace software implementation.
It may feel intimidating, but our team is here to help you through it. If you’re ready to bring your IT department into the conversation, schedule a consultation with us.
As the VP of Product Strategy, Chad David Smith wears many hats that leverage his 20+ years of experience in the industry. Chad collaborates directly with clients and partners as well as with the iOFFICE client experience, client success, sales, marketing and development teams to create the most innovative and valued solutions for our clients.