Security Policy

Optimizory Information Security Policy

1. Purpose

The purpose of this policy is to protect the confidentiality, integrity, and availability of information managed by Optimizory and its products, including cloud-hosted and on-premise solutions. It defines how we secure customer data, internal systems, and development practices, ensuring the trust of our users and compliance with industry standards.

2. Scope

This policy applies to:

  • All employees, contractors, and consultants at Optimizory, regardless of location
  • All systems, infrastructure, and codebases used to develop, operate, and support Optimizory products
  • All environments—whether customer-hosted, Optimizory-hosted (e.g., vREST on AWS), or third-party platforms (e.g., Atlassian, monday.com)

3. Core Principles

Optimizory follows the CIA triad for information security:

  • Confidentiality – Protecting information from unauthorized access
  • Integrity – Ensuring data is accurate and unaltered
  • Availability – Ensuring systems and data are accessible to authorized users when needed

4. Security Commitments

Optimizory is committed to the following:

  • Implementing role-based access control for all systems
  • Maintaining secure software development practices, including code reviews and vulnerability scanning
  • Regularly reviewing and updating infrastructure, especially cloud environments
  • For apps - Links Explorer, Pact, Baseline X, Report X, and Custom ID: We do not store any personal or issue data on our servers. All data processed by the app remains strictly within the customer's Jira instance.
  • Monitoring systems for unusual activity and responding promptly to security incidents
  • Providing security awareness training to all team members
  • Keeping business continuity and disaster recovery plans up-to-date
  • Reviewing this policy annually or when major changes occur

5. Compliance and Standards

Optimizory strives to align with globally recognized standards and good practices, including:

  • ISO/IEC 2700
  • ISO 9001
  • Atlassian and monday.com security guidelines
  • Indian data protection laws and other applicable regional requirements

6. Responsibilities

  • Management is responsible for ensuring that security objectives align with company strategy and are implemented effectively
  • Engineering and DevOps teams are responsible for secure software development and infrastructure maintenance
  • All employees are responsible for protecting credentials, reporting incidents, and following secure data handling practices

7. Incident Reporting

Any employee or contractor who notices suspicious behavior, security vulnerabilities, or breaches must report them immediately to the designated security contact at Optimizory: support@optimizory.com

8. Review and Updates

This policy will be reviewed annually or as needed to reflect operational, legal, or technological changes.

Our Products Portfolio

LXP Jira

Links Explorer for Jira

The #1 user-rated Traceability app for Jira.

Read more
RMsis

RMsis

Most mature requirements management application for Jira.

Read more
vRest

PACT

Your dedicated solution for efficient Contract Management.

Read more
LXP Monday

Baseline X

The ultimate tool to take issue snapshots and track changes

Read more
LXP Monday

Report X

A Complete Traceability and Reporting Solution for Jira

Read more
LXP Monday

Custom ID

Make your JIRA issue IDs more informative

Read more
LXP Monday

RMview

Bring Requirements to Life Inside Jira

Read more
LXP Monday

UnifiedDocs

Dynamic Documentation for Confluence

Read more
vRest

vREST

Record, Specify, Test and Mock your RESTful and Other Web APIs.

Read more
LXP Monday

Links Explorer for monday

Get end-to-end traceability via tree view of item links.

Read more

Have any queries?

Please send a mail to support@optimizory.com to get in touch with us.