Unite

Turn every corporate event into a chance to create something special that brings people together around a shared purpose. To celebrate, connect, and have fun doing it.

WORKSTREAM™
SSO & OPEN
INTEGRATION

Essentials
Give recognition from the apps and programs you use every day with APIs to connect your recognition program to your HRIS, intranet, wellness, performance management, referrals, or CRM software.

REST APIs
• JSON Format for data parameters
• Auth2 is used for the authentication mechanism
• Real time data (other than the reporting APIs)

Single Sign On (SSO) 
O.C. Tanner allows for single sign on using SAML 2.0 or federated login. This allows access to O.C. Tanner’s system from a company’s intranet, for example, without having an additional login.

Recognition anywhere 
API Integrations and Plugins allow employees to give recognition without leaving the apps they use every day including, but not limited to: 

Outlook
Slack
Google Suite
Facebook Workplace
And more

HRIS Integrations
O.C. Tanner systems securely share data both ways with HRIS systems to keep employee details up-to-date, trigger recognition moments when a goal is reached or sale is made, inform performance management systems of recognition incidents and frequency, and more. Our open integration works with HRIS programs such as:

Workday
SAP
Salesforce
ADP
Oracle HCM 
Infor
Kronos
Bamboo HR
Ultimate Software
And More

DATA SECURITY

Essentials
Our information security policies, processes, and practices are solid and airtight – and we can prove that. Our systems and solutions are crafted and selected with security and privacy by design. We have defined and refined processes that maintain security and privacy. We use internal and external audits to validate the quality of our controls, processes, practices, policies, and tools.  We operate in a multi-tenant SaaS model with easy-to-use functionality delivered via web browser and mobile applications. To protect our customer systems, we use industry-leading software and hardware-based DMZ infrastructure with firewalls on both the internet-facing and the internal systems-facing infrastructure. No sensitive information is stored on web servers.

Adhere to NIST CSF and NIST SP-800-53A guidelines, which we use to do a cross-mapping to the ISO controls through reciprocity.

Controls validated through our SOC 2, Type I and Type II reports. 

PCI DSS v3 certified.

Authentication
Configurable based on client needs, and if the client uses federated SSO, our rules will adhere to your rules.

Collection
The system can be scaled horizontally (by adding servers or app instances) with no downtime. This is typically done behind a load balancer. We can do the same to scale vertically onto more powerful hardware and have already optimized our processing power based on historical peak loads. System performance monitoring and ongoing maintenance.

Storage
For the services directly related to our Employee Recognition solutions, we operate from a private cloud. The front-end systems that support our SaaS solution leverage industry standard cloud providers (AWS). However, our customer data does not reside within a cloud service. Customer data is stored on dedicated, O.C. Tanner-owned equipment in our SOC 2, Type II certified co-located facilities in the United States.

Data Transmission and Encryption
Our SaaS operates as a three-tiered web environment, with firewalls in front of the web servers and between the web servers and application servers. IDS/IPS monitors traffic at all internet borders.

All customer-facing web applications must use TLSv1.2 or higher encryption for all pages where sensitive information may be displayed or entered.

All production data and backup data is encrypted at rest using 256-bit AES. Where practical, encryption is to be hardware-based.

These data transmission and encryption standards apply to systems hosted in O.C. Tanner’s data centers, as well as by contracted cloud providers.

Continued Compliance
Third-party quarterly vulnerability and annual penetration testing. We routinely undergo numerous on-site audits by some of the world’s largest defense contractors and global financial services organizations and have been deemed to be compliant with their standards as well as other industry regulations.

Data Privacy
Our corporate governance program monitors international regulatory requirements that are relevant to our business functions. O.C. Tanner is cognizant of the evolving landscape of Data Security and Privacy laws, proving to be adaptable to related legislation and best practices.

Data Controls
A third-party validation and certification of our policies, practices and tools. We are SOC 2, Type II certified.

GLOBAL
COMPLIANCE

Privacy Shield Compliance
We are in full compliance with all applicable laws and industry regulations. We are also an active participant of the Privacy Shield Framework with the U.S. Department of Commerce.

General Data Protection Regulation
Global adherence to General Data Protection Regulation (GDPR) and its guidelines for Privacy, Retention, and Right to Erasure. O.C. Tanner fully complies with GDPR in its role as a data processor, where our clients control their employee data provided to us via file transfers and we process this data based on the reasonable written instructions we receive from them from time to time.
