Security

Enterprise-grade security built into everything we do

Protecting your data with certified controls, global compliance, and proven operational safeguards.

Security you can rely on—without compromise

O.C. Tanner takes a rigorous, defence-in-depth approach to security, privacy, and confidentiality. Our technology, processes, and controls are designed to protect customer data at every layer so you can focus on building workplace culture with confidence.


Independent verification. Enterprise assurance.

  • ISO/IEC 27001:2022 certification
  • SOC 2 Type II Report
  • SOC 3 Public-use Assurance Report
  • PCI DSS compliance
  • Alignment with NIST CSF and NIST SP 800-53A frameworks

Controls are validated through ongoing internal and third-party audits.


Security that earns trust at enterprise scale

Our security posture is validated through:

  • Recurring third-party vulnerability testing
  • Recurring penetration testing
  • On-site audits by global financial services firms

Strong protections for your most sensitive data

Our data security policies, processes, and practices are designed with confidentiality, integrity, and availability at their core.

Key Safeguards Include:

  • Secure multi-tenant SaaS architecture delivered via web and mobile
  • Industry-leading firewall-protected DMZ infrastructure
  • No sensitive data stored on web servers
  • Continuous internal and external security audits

All systems and tools are selected, designed, and maintained with security-first principles.

Secure access, authentication, and encryption standards

O.C. Tanner employs modern security protocols to safeguard access and data transmission.

Key Safeguards Include:

  • Single sign-on via OIDC, SAML 2.0, or federated login
  • OAuth 2.0 authentication for REST APIs
  • Client-configurable access rules

Encryption

  • TLS 1.2 or higher encryption for data in transit
  • 256-bit AES encryption for data at rest
  • Hardware-based encryption where practical

Reliable, scalable, and resilient systems

Culture Cloud is designed for enterprise-scale performance and availability.

  • Horizontally and vertically scalable architecture
  • Load-balanced deployments with no downtime during scaling
  • Private cloud infrastructure for core recognition services
  • Industry-standard cloud providers for front-end SaaS delivery
  • Continuous system performance monitoring and maintenance

Robust data protection and security controls

Our Information Security leadership team certifies that O.C. Tanner’s systems and services meet applicable trust service criteria for privacy, security, and confidentiality.

  • SOC 2 Type II security, privacy, and confidentiality controls
  • ISO/IEC 27001:2022 information security management system controls
  • Clearly defined data access and handling policies
  • Machine-readable data exports for individual data requests

Built for global regulatory compliance

O.C. Tanner follows all applicable regional, national, and international privacy and security regulations.

Compliance framework includes:

  • Process for data access, disclosure, and deletion requests
  • Support for regional, state, federal, and international privacy laws
  • Continuous review and updates to security and privacy practices
  • Cross-system identification of personal data