Security at Once
We offer a secure and trustworthy space for your social interactions!
The primary objective of the Once Security team is to establish a world-class security entity, guaranteeing our members a confidential and safeguarded environment to sustain the enchantment of human connections. As you place your trust in Once with your information, the utmost importance is given to the security of our application and the confidentiality of your data. Upholding a strong, transparent, and accountable security program remains fundamental to our dedication to you.
Once Security Practices
Once's security initiative employs a comprehensive strategy to safeguard our organization and your data. This involves utilizing cutting-edge security infrastructure, responsible data practices, and adhering to industry best practices for security and privacy. These measures are implemented to proactively address the ever-evolving threats faced by internet services and infrastructure.
Our security program is concentrated in the following key areas:
Internal Information Security Program:
We are dedicated to enhancing security and minimizing risks within Once's digital environment. This includes developing secure access protocols and network architecture to systematically control internal access to Once's facilities, systems, and resources, employing the principle of least privilege. Internal use of two-factor authentication (2FA) is mandatory.
Application/Infrastructure Security:
Security is integrated into all stages of our development lifecycle to create superior and safer products, ensuring adherence to secure design and engineering principles. Rigorous security design reviews and assessments are conducted by our internal teams for all applications, systems, new features, code, and configuration changes. Routine independent and thorough penetration tests are performed by reputable third-party security experts.
Governance, Risk, and Compliance:
Security awareness is ingrained in our culture from day one and is an ongoing process. All employees undergo security and privacy training upon joining and annually thereafter. Security is a collective responsibility at Once, backed by physical, operational, and technical controls, as well as enforced security policies and procedures. In addition to extensive internal security risk assessments, we conduct detailed reviews of the security practices of our third-party vendors.
Offensive Security:
Our internal Security Team identifies previously undiscovered security vulnerabilities through offensive security testing. Simulating real-world attacks, this group prioritizes enhancing our security posture in areas of greatest risk. The objective is to gain insights into potential exposures and continually test to minimize the likelihood of a breach.
Monitoring and Threat Management:
Continuous logging and monitoring of access to our infrastructure and systems form the backbone of our security measures. Once's security monitoring, investigation, threat hunting, and incident response program ensures timely alerts, thorough investigation, triage, and remediation of security events.
Compliance Standards, and Regulations
Annual audits conducted by external firms are carried out to verify our alignment with the security requirements outlined in SOX and PCI-DSS.