
OiX Government Security, Privacy and Compliance Overview

OiX Government works in tandem with customer agencies to develop pioneering security, privacy and compliance practices. Although we are a startup, our team has years of experience in the implementation, maintenance and innovation of both Blockchain and Cloud development and management. Our teams focus on consistently meeting our own security and compliance standards and on helping our customers meet their compliance and regulatory requirements.


OIX has a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

OIX adopts a FIPS-compliant cryptography module, in line with NIST security standards, to prove the authenticity and integrity of digital assets.

The OIX security authorization uses the FedRAMP requirements, which are FISMA compliant and based on NIST 800-53 rev3 (800-53, 8003-47) and FIPS 199 and 200.

  • Improve real-time security visibility
  • Increase confidence in the security of the OIX platform
  • Provide a uniform approach to risk-based management
  • Ensure consistent application of existing security practices
  • Increase automation and near real-time data for continuous monitoring
  • Accelerate the adoption of the secure OIX platform through reuse of assessments and authorizations
  • Improve the trustworthiness, reliability, consistency, and quality of the Federal security authorization process
  • Achieve consistent security authorizations using a baseline set of agreed-upon standards to be used for OIX product approval in or outside of FedRAMP
  • Prevent anyone — even root users and administrators — from accessing sensitive information
  • Deny illicit attempts to change data or applications within the network.
  • Carefully guard encryption keys using the highest-grade security standards so they can never be misappropriated.

Infrastructure Protection

We address security risks on a continuous basis across our infrastructure, inclusive of hardware, software, network and manpower. We place a key focus on intrusion detection and prevention systems, denial of service attack prevention and regular penetration testing. With OiX, our customers can greatly reduce their own investment in these capabilities and benefit from the economies of scale that result from our enterprise-wide security initiatives.

Network Protection

OiX networking delivers the infrastructure needed to securely link the Virtual Machines to one another and to connect the on-premises data centers with deployed OiX VMs. OiX blocks unapproved traffic to and within our data centers by using a variety of technologies including but not limited to firewalls, partitioned Local Area Networks, and physical separation of back-end servers from public-facing interfaces.

Some of our measures are:

  • Network isolation
  • Virtual networking
  • Encrypting communications
  • Access monitoring and logging
  • Strong authentication
  • Role-based access control

Data Protection

We rely on both technological safeguards, including but not limited to end-to-end encrypted communication, and streamlined, monitored operational processes to help maintain the security of Customer Data. Our scalable and adaptable setup means that customers can easily implement additional security measures and encryption, and manage their own keys.

  • Data in transit.
  • Data at rest.
  • Data segregation.
  • Data destruction.


OiX believes that we have an obligation to keep security measures in place so that customers can rest assured that there is a robust infrastructure taking care of their privacy concerns. We also go all-out to ensure that our Service Management measures are transparent, so that customers have clear visibility of where their data is and who has access to it.

Here is an abstract of our security approach:

  • Data in transit.
  • Data at rest.
  • Data segregation.
  • Data destruction.


OIX customers remain responsible for complying with applicable compliance laws and regulations. In some cases, OIX offers functionality (such as security features), enablers, and legal agreements (such as the OIX Data Processing Agreement and Business Associate Addendum) to support customer compliance.

No formal certification is available to (or distributable by) Open Investment Exchange as a cloud service provider within these legal and regulatory domains:

  • EU Model Clauses
  • GLBA
  • IRS 1075
  • ITAR
  • My Number Act [Japan]
  • U.K. DPA - 1988
  • VPAT / Section 508
  • EU Data Protection Directive
  • Privacy Act [Australia]
  • Privacy Act [New Zealand]
  • PDPA - 2010 [Malaysia]
  • PDPA - 2012 [Singapore]
  • PIPEDA [Canada]
  • Spanish DPA Authorization

OIX pursues disparate security and compliance standards across geographies and verticals, including ISO 27001, FedRAMP, PCI DSS, CESG (UK), Singapore Multi-tier Cloud Security (MTCS) standards and applicable EU data protection laws. This means that customers with existing deployments elsewhere who wish to transfer personal data from the European Economic Area (EEA) to other countries can do so knowing that their content in OIX will be given the same high level of protection it receives in the EEA. OIX aspires to reduce the effort needed to perform audits, since these tasks become routine, ongoing, and automated. Spending less time on manual activities helps manage risk and improve security posture.