OfficeSpace Trust

background-image
Start your security review
View & download sensitive information
ControlK

Overview

OfficeSpace Software is a complete space management and desk booking solution. This includes Visual Directory, Move Manager, Scenarios, Stack Plans, Reporting, Desk Booking, and Neighborhoods. Additional modules for Room Booking (calendar integration), Service Requests, and Visitor Management are also available.

Compliance

CSA STAR Level 1 Logo
CSA STAR Level 1
GDPR Logo
GDPR
SOC 2 Type 2 Logo
SOC 2 Type 2
GovRAMP Logo
GovRAMP

OfficeSpace Software is reviewed and trusted by

American Bar Association-company-logoAmerican Bar Association
OpenAI-company-logoOpenAI
Boston Consulting Group (BCG)-company-logoBoston Consulting Group (BCG)
KPMG-company-logoKPMG
Scotiabank-company-logoScotiabank
Capital One-company-logoCapital One
LPL Financial-company-logoLPL Financial
AmTrust Insurance-company-logoAmTrust Insurance
HUB International-company-logoHUB International
Jackson-company-logoJackson
AstraZeneca-company-logoAstraZeneca
HubSpot-company-logoHubSpot

Documents

Featured Documents

POLICIESInformation Security Policy

Risk Profile

Data Access LevelInternal
Impact LevelLow
Recovery Time Objective24-48 hours
View more

Security Questionnaires

CAIQ
OSS Self-Assessment (Full)
OSS Self-Assessment (LITE)
View more

App Security

Greetly-Application Penetration Testing
Code Analysis
OfficeSpace-Application Penetration Testing
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Data Flow Diagram (DFD)
Network Diagram
PCI DSS (Greetly)
View more

Data Security

Access Monitoring
Data Asset Classification
Data Backups
View more

AI

AI Training Data and Bias
AI Security
AI Monitoring
View more

ESG

Anti-Bribery and Corruption
Anti-Modern Slavery
Code of Ethics
View more

Legal

SubprocessorsGoogle Cloud-company-logoHubSpot-company-logoMailgun Technologies, Inc.-company-logoSalesforce-company-logoHeroku-company-logo
Cyber Insurance
Data Processing Agreement
View more

Data Privacy

Cookies
Data Breach Notifications
Data Privacy Officer
View more

Access Control

Access Log Management
Data Access
Internal Single-Sign-On (SSO)
View more

Infrastructure

BC/DR
Google Cloud Platform (OSS)
Heroku (Greetly)

Endpoint Security

Anti-Malware
Disk Encryption
DNS Filtering
View more

Network Security

Data Loss Prevention
Distributed Denial of Service Protection (Anti-DDoS)
Firewall
View more

Corporate Security

Email Protection
Employee Training
Incident Response
View more

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
View more

Continuous Monitoring

Automated Alert Response
Data Loss Prevention System (DLP)
Event & Audit Log Management
View more

Risk Management

Data Access/Impact Levels
Risk Assessments
Supply Chain Risk Management
View more

Incident Response

Incident Response Standard
Incident Reporting Process
Pager Service

Change Management

Change Management Program
Changes Notification & Verification
Configuration Management Program
View more

BC/DR

Business Continuity Plan (BCP)
Contingency Plan Testing/Lessons Learned
Contingency Training/Simulations
View more

Asset Management

Asset Classification
Asset Infrastructure
Asset Managment Data Flow
View more

Training

Employee Privacy Training
Phishing Training
Role-Based Training
View more
Knowledge Base (FAQ)
  • Is there segregation of duties for approving and implementing access requests for Scoped Systems and Data?
  • Is there segregation of duties for granting access and approving access to Scoped Systems and Data?
  • Is Unix or Linux used as part of the Scoped Services?
  • Is there collection of, access to, processing of, or retention of any client scoped Data that includes any classification of non-public personal information or personal data of individuals?
  • Where the use personal data requires explicit consent, are there mechanisms in place to obtain such consent prior to collection and consistent with the organization's privacy commitments or privacy policy?
View more
OfficeSpace Trust Updates

CVE-2025-55182

Copy link
Vulnerabilities

We are aware of the recently announced critical Remote Code Execution (RCE) vulnerability affecting certain Next.js applications (tracked as CVE-2025-55182).

We have completed a comprehensive review of our technology stack and security landscape.
We can confirm that our production environment and core services are not affected by this vulnerability.

• No Next.js Usage: Our application portfolio does not utilize the Next.js framework in any of our critical systems or services.
• Proactive Monitoring: Our continuous alerting and threat detection systems across our Node.js environments have confirmed that no vulnerable dependencies are present.

Maintaining the security and integrity of our platform is our highest priority. We continue to monitor the situation and surrounding security advisories to ensure our infrastructure remains protected against emerging threats.
If you have any further questions regarding this or any other security matter, please contact our support team.

Subprocessors