We use cookies to make interactions with our websites and services easy and meaningful. By using this website you agree to our use of cookies. Learn more.


Recognition People Love


Welcome to the most complete collection
of employee recognition tools for
celebrating daily wins and team triumphs.
It’s smart. Powerful. Fun.


Give recognition from the apps and programs you use every day with APIs to connect your recognition program to your HRIS, intranet, wellness, performance management, referrals, or CRM software.

•JSON Format for data parameters
•Auth2 is used for the authentication mechanism
•Real time data (other than the reporting APIs)

Single Sign On (SSO) 
O.C. Tanner allows for single sign on using SAML 2.0 or federated login. This allows access to O.C. Tanner’s system from a company’s intranet, for example, without having an additional login.

Recognition anywhere 
API Integrations and Plugins allow employees to give recognition without leaving the apps they use every day including, but not limited to: 

Google Suite
Facebook Workplace
And more

O.C. Tanner's Victories employee recognition software works with Outlook, Slack, Google Suite & Facebook Workplace
Image Component needs to be configured.

HRIS Integrations
O.C. Tanner systems securely share data both ways with HRIS systems to keep employee details up-to-date, trigger recognition moments when a goal is reached or sale is made, inform performance management systems of recognition incidents and frequency, and more. Our open integration works with HRIS programs such as:

Oracle HCM 
Bamboo HR
Ultimate Software
And More

Image Component needs to be configured.


Our information security policies, processes, and practices are solid and airtight – and we can prove that. Our systems and solutions are crafted and selected with security and privacy by design. We have defined and refined processes that maintain security and privacy. We use internal and external audits to validate the quality of our controls, processes, practices, policies, and tools.  We operate in a multi-tenant SaaS model with easy-to-use functionality delivered via web browser and mobile applications. To protect our customer systems, we use industry-leading software and hardware-based DMZ infrastructure with firewalls on both the internet-facing and the internal systems-facing infrastructure. No sensitive information is stored on web servers.

Adhere to NIST CSF and NIST SP-800-53A guidelines, which we use to do a cross-mapping to the ISO controls though reciprocity.

Controls validated through our SOC 2, Type I and Type II reports. 

PCI DSS v3 certified.

Configurable based on client needs, and if the client uses federated SSO, our rules will adhere to your rules.

The system can be scaled horizontally (by adding servers or app instances) with no downtime. This is typically done behind a load balancer. We can do the same to scale vertically onto more powerful hardware and have already optimised our processing power based on historical peak loads. System performance monitoring and ongoing maintenance.

For the services directly related to our Employee Recognition solutions, we operate from a private cloud. The front-end systems that support our SaaS solution leverage industry standard cloud providers (AWS). However, our customer data does not reside within a cloud service. Customer data is stored on dedicated, O.C. Tanner-owned equipment in our SOC 2, Type II certified co-located facilities in the United States.

Image Component needs to be configured.

Data Transmission and Encryption
Our SaaS operates as a three-tiered web environment, with firewalls in front of the web servers and between the web servers and application servers. IDS/IPS monitors traffic at all internet borders.

All customer facing web applications must use TLSv1.2 or higher encryption for all pages where sensitive information may be displayed or entered.

All production data and backup data is encrypted at rest using 256-bit AES. Where practical encryption is to be hardware based.

These data transmission and encryption standards apply to systems hosted in O.C. Tanner’s data centers, as well as by contracted cloud providers.

Continued Compliance
Third party quarterly vulnerability and annual penetration testing. We routinely undergo numerous on-site audits by some of the world’s largest defense contractors and global financial services organisations and have been deemed to be compliant with their standards as well as other industry regulations.

Data Privacy
Our corporate governance program monitors international regulatory requirements that are relevant to our business functions. O.C. Tanner is cognitive of the evolving landscape of Data Security and Privacy laws, proving to be adaptable to related legislation and best practices. 

Data Controls
A third-party validation and certification of our policies, practices and tools. We are SOC 2, Type II certified.


Privacy Shield Compliance
We are in full compliance with all applicable laws and industry regulations. We are also an active participant of the Privacy Shield Framework with the U.S. Department of Commerce.

Global Data Protection Regulation
Global adherence to General Data Protection Regulation (GDPR) and its guidelines for Privacy, Retention, and Right to Erasure. O.C. Tanner fully complies with GDPR in its role as a data processor, where our clients control their employee data provided to us via file transfers and we process this data based on the reasonable written instructions we receive from them time-to-time. 

* Please make sure to fill out the required fields.