Securing your data is critical to our business. We’re constantly working to protect your information and prevent unauthorized account access.
The Origin Investor Portal is the platform designed and built by Origin Investments to provide our Investors with the services and tools that make investing with us a unique experience. We take the security of our users’ data seriously, and consciously take steps to ensure all information remains secure. To achieve this, we use Amazon Web Services (AWS), the world’s largest and most trusted cloud computing services provider, as the platform upon which we built the portal. By using AWS, we benefit from the security certifications AWS has obtained, including ISO 27001 certification, ability for Level 1 service provider under the Payment Card Industry (PCI) Data Security Standards (DSS). AWS undergoes annual SOC 1 audits and has been successfully evaluated at a moderate level for U.S. Federal government systems as well as DIACAP 2 for U.S. Department of Defense systems.
All external traffic between the users and the web application (between user and web server) is over a 2048 bit SSL connection or encrypted via SSH. All passwords and sensitive personally-identifiable information are encrypted at rest. Additionally, the Origin Investor Portal uses Extended Validation (EV) certificates, which are single-domain Secure Sockets Layer certificates that offer the highest degree of authentication and documentation checks.
Our support team maintains an account on all cloud systems and applications for the purposes of maintenance and support. This support team accesses hosted applications and data only for purposes of application health monitoring and performing system or application maintenance, and upon customer request via our support system. Within Origin Investments, only authorized employees have access to application data. Authentication is done via Multi-factor authentication provided by Amazon’s Identity and Access Management (IAM) platform and uses a combination of passwords and security tokens.
Portal user accounts are designed to allow application data to be accessible only with appropriate credentials, such that one customer cannot access another customer’s data without explicit knowledge of that other customer’s login information. Customers are responsible for maintaining the security of their own login information.
The support team monitors the Origin Investor Portal platform 24×7.
Origin Investments understands the importance of ensuring the privacy of your personally identifiable information. For more information, please see our Privacy Statement.
Review and Compliance
Origin is committed to staying up-to-date with the latest best practices, regulations, and standards regarding the security of our system. To that end, periodic security scans and penetration tests are performed on the system by approved 3rd parties. Any vulnerabilities found are addressed with criticality as part of ongoing bug-fix and feature releases that enhance and improve the platform.
For more information or questions, please contact us.
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.