We are authorities in protecting your data, with physical, application, system and operational security procedures and policies.

Onit takes a cutting-edge approach to security. It’s a top priority and one we take exceedingly seriously. With state-of-the-art technology protecting your data, collaborating on projects securely (with access limited to authorized participants) has never been easier. Physical security, application security, system security, operational security and policies and procedures all play an integral and equal role in this approach.

Our data is secured using bank-grade 256-bit Secure Sockets Layer (SSL) encryption and is stored in an enterprise-class, secured hosting environment that is backed up daily. All data within Onit remains the property of the project owner and cannot be accessed by any other user.

Here are some additional security measures we have taken to ensure your data is protected.

Physical Security
  • SSAE-18 Type II SOC II datacenter (hosted at Rackspace)
  • Dedicated servers
  • Redundant power connections with standby generators
  • Multiple redundant network connections
  • Biometric scanning for controlled data center access
  • Physical security audited by an independent firm
  • 24/7 video monitoring
Application Security
  • Custom-hardened Unix kernels
  • Managed virtual private cloud
  • Managed continuous firewall monitoring
Policies and Procedures
  • By policy, employees prohibited from accessing private data
  • Onit claims no ownership of your data
  • 24/7 monitoring and escalation
  • All users must be verified by email
System Security
  • System installation using hardened, patched OS
  • System patching configured to provide ongoing protection from exploits
  • Dedicated firewall and VPN services to help block unauthorized system access
  • Data protection with managed backup solutions
  • Distributed Denial of Service (DDoS) mitigation services
Operational Security
  • Onit audits to SSAE-18 SOC 2 Type 2, SOC 1 Type 2 and HIPAA standards, verified by an independent auditing firm
  • Encryption for all administrative traffic (HTTPS, SFTP, SSH)
  • Encryption for all customer traffic (HTTPS)
  • Datacenter employees trained on documented information security and privacy procedures
  • Access to confidential information restricted to authorized personnel only, according to documented processes
  • Systems access logged and tracked for auditing purposes
  • Secure document-destruction policies for all sensitive information
  • Fully documented change-management procedures
  • Independently audited disaster recovery and business continuity plans
