Security and Data Protection
You can rest easy knowing Onspring works around the clock to maintain security and earn your trust.
Onspring Platform Certifications
Data security is of the utmost importance to our business and yours. In fact, SecurityScorecard awarded Onspring a 100/100 score. We document information privacy, security, and risk management policies to ensure the confidentiality, integrity, and availability of customer data. Clearly defined roles, responsibilities, policies, and procedures protect the data stored in Onspring.
Security practices:
- Maintenance of Information Security Policies
- Dedicated security resources with defined responsibilities and accountability
- Acceptable use of Onspring’s platform and systems
- Identity, access, and authentication management
- Access control and password requirements
- Platform logging and monitoring process
- Incident response process
- Risk management, certifications, and assessments
- Physical controls and security requirements of our data centers
- Third-party risk management, security, and privacy


SOC2 Type II
Onspring maintains an annual SOC2 Type II attestation, prepared in accordance with AICPA standards, to validate our safeguards for customer data security, availability, and confidentiality.

CSA & CCM
Onspring is STAR Level One with the Cloud Security Alliance (CSA), demonstrating our continued compliance with the Cloud Controls Matrix (CCM).

FedRAMP Authorized
Onspring GovCloud is FedRAMP Authorized at a moderate impact level.
Penetration Attestations
Attestations cover network penetration tests against public-facing infrastructure, web application tests against public-facing web services, and internal vulnerability and penetration testing against non-public infrastructure, including wireless networks.
Subservice Organizations
Subservice organizations maintain their own certifications and audit processes that meet the requirements of their service offerings. Onspring reviews these organizations' attestations annually to ensure that their due diligence activities meet our mandatory requirements.
Success Story
“It’s important to have a full process and plan behind your vulnerability management. If you don’t, you’re just plugging holes in the dam without knowing what’s going to pop up.”
Leverage Corporation
