Okta Completes Security Action Plan

Security and protecting customer data remain Okta’s highest priorities. In April, we released our Security Action Plan, detailing our commitment to security on behalf of our customers. The plan outlines both short- and long-term steps to strengthen the security posture of our third-party processors with access to customer support systems, as well as our own enhancements to incident response and customer communication.

The actions we committed to in our Security Action Plan have been completed. We are providing this update to highlight the changes we’ve made and explain the security-related communication you can expect from Okta in the future. 

A brief summary of the actions that have been completed: 

  • Third-Party Risk Management: Compliance with our security requirements is complete. In short, the technology environment used by our sub-processors who provide support services must equal our own.
  • Customer Support Systems Access: Implemented granular access control and required all providers performing work for us to use Okta-owned endpoints.
  • Incident Response and Customer Communication: While Okta will take every step to prevent security-related incidents, an important part of security posture is preparation. We are investing in customer notification technology, revising our incident response processes, and preparing our teams for rapid responses with stakeholders. For example, in the event of a significant security concern, we will proactively contact an organization’s security & privacy contact(s) and primary IT contact(s) via the information in their profile: email, SMS, phone call. Additionally, we will augment these direct communications with an in-product notification.

To leverage our rapid customer notification technology, we are asking all Super Admins to review and maintain the security and privacy contact(s) and preferred communication methods by following the instructions in our Knowledge Base article.

For more information on customer communication capabilities, please see our Knowledge Base FAQ: Rapid Customer Security Communication Capabilities.

We recognize the fundamental importance of security, and we are committed to taking every step to prevent, prepare, and respond rapidly and transparently whenever needed. Thank you for your continued trust.