Security and DAM: Interview with Orange Logic’s Compliance Manager

November 17, 2022

 

Compliance Manager Briana Attinger started out focused on HIPAA and has ended up as Orange Logic’s expert on multiple regulations and industry standards, including ISO 27001, FINRA Rule 4511, GDPR, and lots more.

We interviewed Briana to learn about how Orange Logic secures customers’ digital assets and keeps them in compliance. This portion of the interview deals with security. Stay tuned for part two, where Briana gives us details about Orange Logic and compliance.

 

ORANGE LOGIC: So why don’t you introduce yourself?

BRIANA: Hi, I'm Briana Attinger. I am the Compliance Manager here at Orange Logic. 

 

ORANGE LOGIC: How did you become a Compliance Manager?

BRIANA: I was at a company where I was a contract administrator, and I ended up moving into HIPAA compliance. That’s when I really found my passion working for compliance and security. I was promoted to compliance manager, where I worked with ISO 27001, GDPR, and other regulations before moving over to Orange Logic.

 

ORANGE LOGIC: Why did you choose to work in compliance?

BRIANA: For me personally, I love working in compliance because it's an ever-evolving industry. There are always new laws and regulations and requirements that keep me on my toes, and it's also a really good feeling to know that what I do helps protect the information of others.

 

ORANGE LOGIC: What makes Orange Logic different when it comes to security?

BRIANA: One thing that is very unique about Orange Logic is that we actually use our DAM internally. So it’s very important that we secure the information of not only our customers but our employees as well. All of our employees are trained on security, whether they're in an information security role or not.

 

ORANGE LOGIC: Why is that focus so important? What happens if we can’t keep information secure?

BRIANA: Our customers’ end users, employees, and their information could be breached and handled by an unauthorized party. That could result in credit card information being used or personal information being used for a nefarious reason or something like that. And if we don’t secure that information, there are also legal consequences that we could face as well. 

 

ORANGE LOGIC: How do we keep customers informed regarding security and compliance?

BRIANA: Each customer has direct contact with their project manager and account manager. We also have our Trust Center. The Trust Center is a privacy, compliance, and security knowledge base that is accessible to our customers. Within the Trust Center, you’ll find audit reports, policies and procedures, and much more. 

 

ORANGE LOGIC: Let’s change directions. Sometimes customers are nervous about switching to cloud-hosting vendors. So in your experience, is cloud hosting secure?

BRIANA: Absolutely. Hosting in a cloud environment ensures reliability and availability. The cloud is very scalable and redundant. Our application, when it's hosted in the cloud, has a primary and a secondary environment that are both hosted in geographically separate regions. This ensures that if one region is unavailable, we can easily switch your DAM to the secondary region.

The cloud-hosting providers that we use have to comply with a number of regulations. Strict policies and procedures are implemented as well to ensure that there is privacy in the cloud-hosting environment, so you can be certain that your information is secure.

In addition, after a vendor is onboarded, we do an annual vendor risk assessment to make sure they can continue to keep our customers’ data safe.

 

ORANGE LOGIC: How do you prepare for something going wrong?

BRIANA: Building effective business continuity, disaster recovery, and incident response plans means focusing on availability and continuity. Continuity ensures that the services can continue in the event of a business disruption that includes an emergency response such as a natural disaster or even something like a human illness, such as a pandemic. 

And we care about resilience within our system. That’s why we use our own system, as I mentioned. It lets us continue testing and experiencing our product as our customers do, so we can spot potential pitfalls and fix them.

This ensures that we are always staying up-to-date in an ever-evolving industry. We are constantly working to improve our security program, and it's hard to say what we will come up with next to make sure our customers stay secure.