Security and Compliance
Solving your paperwork problems also means solving your security and compliance problems. At OnTask, your data’s security is at the forefront of our minds in everything that we do. OnTask complies with all of these best-practice standards.
OnTask is a fully HIPAA-compliant automation platform. We’re committed to solving paperwork problems for those in the healthcare industry and any company that deals with sensitive health information for their clients or employees. All Protected Health Information (PHI) collected and shared through OnTask meets or surpasses HIPAA requirements to ensure protection and compliance. Please note, covered entities that wish to use OnTask to store information under HIPAA compliance must have at least one OnTask Organization on the Enterprise Plan and execute a Business Associate Agreement (BAA) with OnTask. BAA’s are available upon request.
The more secure, cost-effective way to get documents signed. OnTask lets you collect legally binding and secure digital signatures on any quote, contract, or document and route them wherever they need to go.
Our Secure Software Features
Keeping your data safe is our number one priority. Learn what security features we have in place to protect your business.
Encryption at Rest
OnTask employs 256-bit AES encryption at rest, which is a fast and extremely secure method of encryption that is regarded as virtually unbreakable that covers documents and other data. Most government agencies, military organizations, and even the browsers most people use rely on 256-bit AES.
Encryption in Transit
OnTask employs TLS 1.2 to facilitate data privacy and protection as information is sent between OnTask and other platforms. TLS is imperative to keeping personal data like medical records, credit card info, and social security locked down and safe from hackers.
Tamper-proof documents aren’t just for physical paper. OnTask features tamper-proof digital documents, enforced by public-private key encryption, meaning only specified parties have access and are able to sign or make changes to documents sent through the OnTask system. Tamper-proof documents are essential in the event a document is contested in a court of law.
Servers & Networking
OnTask runs on Linux systems that are regularly updated with the latest security fixes. These servers are hosted in the secure data centers of Amazon Web Services (AWS) alongside our secured data in the AWS S3 and RDS services.
Customer Payment Information
OnTask does not process, store, or transmit payment card data from users. Instead, we rely on Braintree for payment processing.
Coding & Testing Practices
OnTask leverages industry-standard programming and testing techniques including rigorous automated testing, manual quality assurance checks, and detailed documentation. Our secure coding practices closely follow guidelines laid by the OWASP report.
To ensure security and lockdown data, we follow the principle of least privilege (POLP) in our solution. We segment employee access only to authorized users working within the product or with customers in real-time.
OnTask relies on logically isolated production network segments.
Periodic Vulnerability Testing
With each product release, web application security is evaluated and tested for vulnerabilities. Widely used testing toolkits and scanners are used to identify vulnerabilities and notify the OnTask team before updates are released to production.
Consistent System Monitoring
Our infrastructure and production applications are monitored around the clock, 365 days a year. OnTask’s dedicated monitoring systems automatically send out alerts in the event of an exception. OnTask engineers are alerted of these occurrences to escalate and proceed accordingly.
Service Levels & Backups
OnTask’s product infrastructure utilizes a wide number of layered techniques to ensure reliability and avoid product downtime. These techniques include load balancing, task queues, rolling deployments, and auto-scaling. Like the rest of the data in OnTask, all backups are encrypted using industry standards.
You can assign a one-time password to your documents to be sure only the intended recipient is able to access and sign a sent document. Available now in the Signature API & My Documents section.