Compliance and certification
- maintained ISO27001:2013 certification since 2015
- retained Cyber Essentials Plus certification since 2016
Opus 2 Services and Agreements meet global legal and regulatory requirements, including but not limited to:
- General Data Protection Regulation (GDPR)
- UK GDPR
- California Consumer Privacy Act (CCPA)
- Singapore Personal Data Protection Act
- Australian Privacy Act
- Canada Federal Personal Information Protection and Electronic Documents Act
Authentication and authorisation
There are several authentication methods in place to increase the security of accounts. This includes a client-defined password policy and several options for multi-factor authentication. It is also possible to link to your Single Sign-On provider to centralise account control and authentication policies.
As a client, you have full control over the permissions for each user you register to the platform. You can create, modify, and remove users based on your own internal policies.
Encryption at rest
All customer data is hosted on encrypted AWS containers. Encryption keys are programmatically managed through the AWS Key Management System (KMS).
Encryption in transit
All internet-facing application instances are assigned a TLS certificate to ensure that data communicated between your computer and the Opus 2 infrastructure is encrypted using the latest encryption protocols. The certificate is generated through a secure process and only supports encryption protocols and ciphers that are not currently known to be broken or otherwise compromised. All components communicate with each other over TLS.
Apart from AWS, we do not rely on any third parties to provide our solutions and services to our clients. Where third parties are involved for additional services, security screening is undertaken, and an NDA is signed. We also conduct the same level of background checks for our own employees, and we sign a Data Protection Agreement (DPA), as required by the GDPR.
We work with independent court reporters who are considered third parties for the services they provide. Each court reporter receives Opus 2’s Employee Security Awareness Training and signs an NDA with Opus 2. Additionally, several of the court reporters hold security clearances of varying levels for which they have undergone independent background checks. The court reporters are contractually obliged to maintain the security of client information in line with Opus 2’s security classification and data protection policies.