© 2020 onetool GmbH – All rights reserved.
Find us on:
Security & compliance
onetool keeps your data secure
Building a security-conscious SaaS management platform requires setting the highest standards when it comes to keeping your organizations data secure. That’s why the onetool product meets all necessary compliance obligations regarding data privacy, user authentication and infrastructure security.
GDPR
As part of our ongoing efforts to protect the security and privacy of our users, we are working to meet or exceed the GDPR (General Data Protection Regulation)
Privacy Shield
onetool fully complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, administered by the International Trade Administration (ITA) within the U.S. Department of Commerce.
SOC 2 Type II
We started the auditing process to become SOC 2 Type II (Systems and Organizational Controls) certified and are committed to undergoing regular audits to ensure the requirements are met.
Built to ensure your compliance
Platform and Data Protection
Our databases are hosted on Amazon cloud infrastructure, using Multi-AZ deployment for enhanced availability and durability. All data is encrypted both in transit and at rest. Database instances and backups are encrypted using the industry standard AES-256 encryption algorithm. Only secure (HTTPS) access to onetool website and app is allowed. Non-secure HTTP requests are first redirected for the HTTPS endpoint before they can be served.
Authentication
Each onetool user is identified with a unique session, stored in a HTTPS only, session cookie. The user scope is set in the database. Each request to the API server is first checked for the right scope in order to validate that a user is allowed to invoke the API. All API requests are scoped to the minimal required permission.
Independent audits continue to verify onetool internal security and processes
Onetool processes are scanned for vulnerabilities monthly by a reputable third-party assessor. We also have external penetration tests performed at a minimum 2 times per year by several third-party firms. The results of these audits are addressed based on priority as we improve our developmental processes.
Resources
Have any more security concerns?
We’re happy to answer any and all security questions or concerns you might have. You can request to review the reports and documentation of our audits by dropping us a line today [email protected]