Security

Oleg Shilovitsky
5 October, 2022 | 5 min for reading

Learn about the OpenBOM platform, infrastructure and security.

Here at OpenBOM, we take security seriously to allow you and your team to focus time on what you need to do – manufacturing products. At OpenBOM, we are proud that we can provide our customers with innovative products and security practices that conform to industry standards. 

Cloud Is Better For Modern Distributed Manufacturing Teams 

OpenBOM delivers a modern multi-tenant system architecture and puts security as a top priority. It includes multiple levels of security:

  • Physical security level 
  • Data security 
  • Security Technology
  • Logic model security 
  • Access control  

The following summary of key security practices used by OpenBOM will help you understand what we do to ensure secure and safe work for all users on the OpenBOM platform.

If you have any questions, please feel free to contact support@openbom.com and put the SECURITY question in the subject line. 

Data Sharing 

The OpenBOM data sharing mechanism is the foundation of the user security model. It allows you to grant permissions when you share information (items, catalogs, BOMs). OpenBOM provides a granular data sharing model to allow another user to see, edit or share information.

  • No access
  • Read-only
  • Via user-defined view 
  • Edit 
  • Admin level 

Communication between OpenBOM servers, web browsers, and client applications (e.g., OpenBOM CAD plug-ins) is always encrypted.

For more information about OpenBOM sharing, check our online documentation.

Please be aware that users can export data by using the export command or by copying data from the browser. OpenBOM cannot prevent someone who has access to the data from exporting it. We recommend securing your password, using a multi-factor authentication mechanism, and not sharing your credentials with other users in your company. Once the data is exported, it is out of OpenBOM security control.

Infrastructure, Certifications, and Compliance

OpenBOM is built upon the AWS (Amazon Web Services) PaaS infrastructure and IaaS platform. AWS EC2 was chosen as one of the most secure and powerful cloud infrastructures to support the OpenBOM platform. It includes globally distributed and physically secured data centers with redundant power, cooling, and networking. AWS has achieved multiple US and global security and quality certifications, including ISO 9001, ISO 27001, SOC-2 Type 2, FIPS 140-2, and NIST 800-53.

OpenBOM is using AWS Virtual Private Cloud (VPC) technology to isolate and secure network traffic in and out of the OpenBOM service. 

SOC2 Type 2 Certification

SOC2, which stands for Service Organization Control 2, is a framework developed by the American Institute of Certified Public Accountants (AICPA) to assess the security, availability, processing integrity, confidentiality, and privacy of customer data in a cloud service environment. In today’s interconnected and data-driven world, SOC2 certification has become a critical benchmark for evaluating the trustworthiness of service providers.

For businesses, SOC2 certification provides assurance that the service they are using adheres to stringent security and privacy standards. It helps organizations safeguard sensitive data, build trust with their customers, and mitigate the risk of data breaches and cyberattacks.

OpenBOM has achieved SOC 2 Type II compliance in accordance with American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations, also known as SSAE 18. Achieving this standard with an unqualified opinion serves as third-party industry validation that OpenBOM provides enterprise-level security for customers’ data secured in the OpenBOM platform.

To obtain a copy of OpenBOM’s SOC2 Type 2 certificate and gain confidence in the security of your data, please contact our customer support team at support@openbom.com. We are committed to transparency and are happy to provide our users with the documentation they need to make informed decisions about their data management solutions. You need to sign an NDA to get a copy of the OpenBOM SOC2 report. 

PCI Security Standards

OpenBOM uses a third-party payment processing service (BlueSnap). Credit card information is encrypted in your browser or mobile client and sent directly to the BlueSnap service. OpenBOM doesn’t store your credit card information on OpenBOM servers. The OpenBOM payment process is PCI compliant. Please contact BlueSnap if you have any questions.

Communications Security and Encryption

OpenBOM uses HTTPS and TLS/SSL for all services, including the OpenBOM public website, the training library website, and all applications installed in CAD systems. We have an automatic testing mechanism to validate the availability of our services, and the operations team monitors our services all the time.

All data in OpenBOM is stored in databases and AWS file storage and is fully encrypted with AES-256. OpenBOM encrypts data both at rest and in transit, so your data is fully encrypted from the moment it leaves your computer or device.

Accounts and Password Management

OpenBOM uses Okta, the #1 identity platform, to manage users and passwords for OpenBOM.

OpenBOM stores customer passwords in an encrypted way using Okta, so passwords cannot be compromised. In addition, OpenBOM provides an MFA / 2FA service for more secure login, using Google Authenticator (or a similar application) for code management.

Customer Data Protection

OpenBOM takes the security and privacy of customer data very seriously. OpenBOM employees don’t have the ability to access any customer data until it has been shared with a support group using the “Share” command. In addition, OpenBOM operations personnel can access the server environment only via a special authentication mechanism, secured passwords, and 2FA.

Security Reporting 

OpenBOM quickly investigates all reported security issues. If you believe you have found a bug in OpenBOM security, please contact support@openbom.com as soon as possible and put SECURITY in the subject line. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by OpenBOM.

Privacy Statement 

OpenBOM is fully committed to protecting your privacy online. To learn more about OpenBOM privacy, visit the OpenBOM Privacy Page.

More Questions? 

If you have any questions or issues, please get in touch with OpenBOM support.
