Security Guidelines

Contributors must meet stringent security and privacy requirements to have their plugins integrated into the platform.

Organizational practices for handling sensitive data must be in place:

  • Demonstrated compliance with privacy laws, including PIPEDA, is mandatory.
  • ISO 27001 and/or SOC 2 compliance and certification are encouraged.

Technological safeguards must be in place to secure systems against attacks and data leaks:

  • Controls against common vulnerabilities, including the OWASP Top Ten, should be in place.
  • Communications between the integrator’s plugin and backend must employ TLS version 1.2 or higher.
  • Frequent penetration testing is encouraged.

Access to the Open Innovation API is controlled through mutual TLS, API keys, and IP whitelisting. Controls are segregated by environment, so separate certificates, keys, and IP address definitions are required for the user acceptance testing (UAT) environment and for the production environment. Submit a certificate signing request to Central 1 to obtain a mutual TLS certificate and API key.
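As an added illustration (not Central 1's code), the sketch below shows one way an integrator's client could enforce the TLS 1.2 floor, load a per-environment mutual TLS certificate, and check that no credential is shared between UAT and production. The class and function names, file paths, and key values are assumptions made for the example; the paths and keys are constructed placeholders.

```python
import ssl
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class EnvCredentials:
    name: str        # environment label, e.g. "uat" or "production"
    cert_file: str   # client certificate issued for this environment
    key_file: str    # private key matching the CSR submitted for it
    api_key: str     # API key issued for this environment

def base_context() -> ssl.SSLContext:
    """Client context that verifies the server and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # the floor required by the guidelines
    return ctx

def mtls_context(creds: EnvCredentials) -> ssl.SSLContext:
    """Add the environment's client certificate so the server can authenticate us."""
    ctx = base_context()
    ctx.load_cert_chain(certfile=creds.cert_file, keyfile=creds.key_file)
    return ctx

def reused_credentials(envs):
    """Return (field, env_a, env_b) for each credential shared by two environments."""
    return [
        (field, a.name, b.name)
        for a, b in combinations(envs, 2)
        for field in ("cert_file", "key_file", "api_key")
        if getattr(a, field) == getattr(b, field)
    ]

# Constructed sample values; paths and keys are placeholders, not real credentials.
UAT = EnvCredentials("uat", "certs/uat.crt", "certs/uat.key", "PLACEHOLDER-UAT-KEY")
PROD = EnvCredentials("production", "certs/prod.crt", "certs/prod.key", "PLACEHOLDER-PROD-KEY")
BAD_PROD = EnvCredentials("production", "certs/prod.crt", "certs/prod.key", "PLACEHOLDER-UAT-KEY")

if __name__ == "__main__":
    print(reused_credentials([UAT, PROD]))      # segregated environments: no findings
    print(reused_credentials([UAT, BAD_PROD]))  # UAT API key reused in production
```

Running `reused_credentials` in a deployment pipeline before `mtls_context` is called catches a UAT key or certificate that has been copied into the production configuration.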
