Orgvue Data Encryption

Owned by Paul Coleman
Last updated: 11 Nov 2022
1 min read

Is Orgvue data encrypted?

All Orgvue data is encrypted at rest through the application via AES-256. All Orgvue data is encrypted in transit using TLS 1.2 or better. TLS 1.3 is supported.

How is Orgvue data segregated between customers?

As a multi-tenanted SaaS architecture, Orgvue customer data is logically segregated using separate table namespaces (schemas) per tenant. At the storage layer Orgvue customer data is encrypted at rest via AES-256.

How are Orgvue encryption keys managed for data at rest?

Orgvue leverages the AWS KMS (Key Management Service) for encryption key management. The KMS is designed so that no party can ever access the master keys. The KMS uses FIPS 140-2 validated hardware security modules (HSMs) to generate and protect keys. Keys are only used inside these devices and can never leave them unencrypted. Master keys are rotated annually.

Orgvue Workspace and Workforce Planning

  • Within Orgvue Workspace, individual Orgvue customer tenants are logically segregated and encrypted with a dedicated encryption key.

  • Within Workforce Planning, encryption at rest is performed at the storage layer and managed by RDS Aurora storage layer encryption. Amazon Aurora encrypted DB clusters use the industry standard AES-256 encryption algorithm to encrypt data. Customer data is logically segregated but is not individually encrypted. While data processed within Workforce Planning is categorized as Personal Data, the data is aggregated.