Trust Center
Welcome to Orgvue's Trust Center where you can find out all about our security and compliance standards. Orgvue is committed to ensuring the highest security and compliance standards built directly into our platform and our operations. The confidentiality, integrity, availability and privacy of your people data is paramount to Orgvue.
Anglo American
Arqiva
Aviva plc
Bank of Ireland
Danone
Dow
Giant Eagle
IGT
M&T Bank
lululemon athletica
Mars, Incorporated
Sainsbury's
Phoenix Group
Tesco
Wonderful Citrus
- Is SCIM supported?
- Does Orgvue have a formal risk assessment process based on an industry standard framework?
- Does Orgvue incorporate AI technologies into its platform?
- How are Orgvue encryption keys managed for data at rest?
- What restrictions does Orgvue have in place to control access to production environments by the Development teams?
New SOC 2 Type 2 Report Available for Download
We’re pleased to announce that Orgvue has successfully completed its SOC 2 Type 2 audit for the period 01-Oct-2024 - 30-Sep-2025. Orgvue's latest SOC 2 Type 2 report is now available to view and download from our Trust Center. This report demonstrates our commitment to maintaining the highest standards of security for your data.
Update to Orgvue Security Provisions
As part of Orgvue’s ongoing commitment to continually improve security an update to the Orgvue Security Provisions has been released.
In summary the changes include:
-
In section 2.9, a change to the definition of Multi-Tenanted. We’re improving how we protect your data within our multi-tenant architecture. Previously, our platform described customer data separation as achieved through logical segregation and encryption. We’re now introducing Row-Level Security (RLS) — an advanced method that ensures each customer can only access their own data, even within shared database environments. RLS enhances our existing logical data segregation by enforcing data access policies directly at the database level, providing more granular control and transparency over how data is isolated. While the description of our architecture has been refined to reflect this technical enhancement, our commitment to safeguarding customer data remains unchanged. This update strengthens the robustness of our security model and aligns with modern best practices in SaaS data protection.
-
In section 4, we have removed the commitment to validate education and professional certifications as part of background checks for new employees. This check is completed for specific roles only.
-
In section 6.6, an amendment has been made to reflect the support for SCIM (System for Cross-domain Identity Management), which the Orgvue platform now provides.
-
In section 7.1 an amendment has been made indicating that TLS 1.3 is now the default TLS encryption version (TLS 1.2 remains supported).
-
In section 9, an amendment has been made providing commitment to the remediation of vulnerabilities, in line with Orgvue’s vulnerability management process. Remediation timelines are aligned to commonly understood industry best practices.
New SOC 2 Type 2 Report Available for Download
Orgvue's latest SOC 2 Type 2 report is now available to view and download from our Trust Center. This report demonstrates our ongoing commitment to data security at Orgvue.
Orgvue New Sub-processor Notification: Snowflake
Orgvue is adding a new Sub-processor, Snowflake. Snowflake will perform product usage analytics and will process customer email addresses only.
Name: Snowflake
Location of Processing: UK
Website: https://www.snowflake.com/
Purpose of Processing: Product Usage Analytics
Type of Personal Data: customer email addresses
For further information please contact privacy@orgvue.com
Orgvue is now a TX-RAMP Level 2 Certified cloud computing service
Orgvue's TX-TAMP Level 2 certified cloud computing service status can be viewed at TX-RAMP Certified Cloud Products
