Security and Compliance
Solving your paperwork problems also means solving your security and compliance problems. At OnTask, your data’s security is at the forefront of our minds in everything that we do. We’re constantly updating OnTask to ensure our product adheres to all industry standards and best practices.
OnTask complies with all of these best-practice standards
HIPAA Compliant
OnTask is a fully HIPAA-compliant automation platform. We’re committed to solving paperwork problems for those in the healthcare industry and any company that deals with sensitive health information for their clients or employees. All Protected Health Information (PHI) collected and shared through OnTask meets or surpasses HIPAA requirements to ensure protection and compliance. Please note, covered entities that wish to use OnTask to store information under HIPAA compliance must have at least one OnTask Organization on an Enterprise Plan and execute a Business Associate Agreement (BAA) with OnTask. BAAs are available upon request.
SOC 2 Certified
OnTask is SOC 2 compliant. SOC 2 is a voluntary compliance standard detailing the ways in which digital companies should handle customer data. Our system is designed to protect client data under these standards using a number of encryption and authentication features.
FERPA Compliant
OnTask serves schools and universities of all sizes and is fully FERPA compliant. Under FERPA regulations, student data must be protected and inaccessible to unauthorized users, while still being accessible to students, parents, and staff members with authorization. OnTask allows users to segment access using roles and permissions to comply with FERPA standards.
CCPA Compliant
OnTask satisfies all requirements for CCPA compliance. All information stored and accessed in OnTask can be retained or deleted, and all workflows created in OnTask have the ability to provide an information disclosure for full transparency, meeting all requirements for this regulation.
Our Secure Software Features
Keeping your data safe is our number one priority. Learn what security features we have in place to protect your business.
Encryption at Rest
OnTask encrypts documents and other stored data at rest with 256-bit AES, a fast and extremely secure cipher that is widely regarded as practically unbreakable. Most government agencies, military organizations, and even the browsers most people use rely on 256-bit AES.
Encryption in Transit
OnTask uses TLS 1.2 to protect the privacy and integrity of data as it travels between OnTask and other platforms. TLS is essential to keeping personal data such as medical records, credit card details, and social security numbers locked down and safe from attackers on the network.
Tamper-Proof Documents
Tamper-proof documents aren’t just for physical paper. OnTask provides tamper-proof digital documents, enforced by public-private key cryptography, so that only the specified parties can access, sign, or change documents sent through the OnTask system. Tamper-proof documents are essential in the event that a document is contested in a court of law.
Servers & Networking
OnTask runs on Linux systems that are regularly updated with the latest security fixes. These servers are hosted in the secure data centers of Amazon Web Services (AWS), alongside our data, which is stored and secured in the AWS S3 and RDS services.
Customer Payment Information
OnTask does not process, store, or transmit payment card data from users. Instead, we rely on Braintree for payment processing.
Coding & Testing Practices
OnTask uses industry-standard programming and testing techniques, including rigorous automated testing, manual quality assurance checks, and detailed documentation. Our secure coding practices closely follow the guidelines laid out by OWASP.
Least Privilege Access
To secure and lock down data, we follow the principle of least privilege (POLP) throughout our solution. Employee access is restricted to authorized users who work within the product or with customers in real time.
OnTask relies on logically isolated production network segments.
Periodic Vulnerability Testing
With each product release, web application security is evaluated and tested for vulnerabilities. Widely used testing toolkits and scanners are used to identify vulnerabilities and notify the OnTask team before updates are released to production.
Consistent System Monitoring
Our infrastructure and production applications are monitored around the clock, 365 days a year. OnTask’s dedicated monitoring systems automatically send out alerts in the event of an exception, and OnTask engineers are notified of these occurrences so they can escalate and respond accordingly.
Service Levels and Backups
OnTask’s product infrastructure uses a number of layered techniques to ensure reliability and avoid product downtime. These techniques include load balancing, task queues, rolling deployments, and auto-scaling. Like the rest of the data in OnTask, all backups are encrypted using industry standards.