Compliance Manager Briana Attinger started out focused on HIPAA and has ended up as Orange Logic’s expert on multiple regulations and industry standards, including ISO 27001, FINRA Rule 4511, GDPR, and more.
We interviewed Briana to learn about how Orange Logic secures customers’ digital assets and keeps them in compliance. This portion of the interview deals with security. Stay tuned for part two, where Briana gives us details about Orange Logic and compliance.
BRIANA: Hi, I'm Briana Attinger. I am the Compliance Manager here at Orange Logic.
BRIANA: I was at a company where I was a contract administrator, and I ended up moving into HIPAA compliance. That’s when I really found my passion working for compliance and security. I was promoted to compliance manager, where I worked with ISO 27001, GDPR, and other regulations before moving over to Orange Logic.
BRIANA: For me personally, I love working in compliance because it's an ever-evolving industry. There are always new laws and regulations and requirements that keep me on my toes, and it's also a really good feeling to know that what I do helps protect the information of others.
BRIANA: One thing that is very unique about Orange Logic is that we actually use our DAM internally. So it’s very important that we secure the information of not only our customers but our employees as well. All of our employees are trained on security, whether they're in an information security role or not.
BRIANA: Our customers’ end users, employees, and their information could be breached and handled by an unauthorized party. That could result in credit card information being used or personal information being used for a nefarious reason or something like that. And if we don’t secure that information, there are also legal consequences that we could face as well.
BRIANA: Each customer has direct contact with their project manager and account manager. We also have our Trust Center. The Trust Center is a privacy, compliance, and security knowledge base that is accessible to our customers. Within the Trust Center, you’ll find audit reports, policies and procedures, and much more.
BRIANA: Absolutely. Hosting in a cloud environment ensures reliability and availability. The cloud is very scalable and redundant. Our application, when it's hosted in the cloud, has a primary and a secondary environment that are both hosted in geographically separate regions. This ensures that if one region is unavailable, we can easily switch your DAM to the secondary region.
The cloud-hosting providers that we use have to comply with a number of regulations. Strict policies and procedures are implemented as well to ensure that there is privacy in the cloud-hosting environment, so you can be certain that your information is secure.
In addition, after a vendor is onboarded, we do an annual vendor risk assessment to make sure they can continue to keep our customers’ data safe.
BRIANA: Building effective business continuity, disaster recovery, and incident response plans means focusing on availability and continuity. Continuity ensures that the services can continue in the event of a business disruption that includes an emergency response such as a natural disaster or even something like a human illness, such as a pandemic.
And we care about resilience within our system. That’s why we use our own system, as I mentioned. It lets us continue testing and experiencing our product as our customers do, so we can spot potential pitfalls and fix them.
This ensures that we are always staying up to date in an ever-evolving industry. We are constantly working to improve our security program, and it's hard to say what we will come up with next to make sure our customers stay secure.