OneComply is dedicated to the security and privacy of your information.

Following SOC (Security & Organizational Controls) standards defined by AICPA (American Institute of CPAs), we have implemented a cybersecurity risk management program designed to meet leading security standards, ensuring:

  • onecomply
    Security
  • onecomply
    Availability
  • onecomply
    Integrity
  • onecomply
    Confidentiality
  • onecomply
    Privacy

Security Features

All OneComply servers are hosted inside a private virtual network within Amazon Web Services (AWS). AWS is SOC-2 and ISO compliant, verified by independent third-party examination reports demonstrating how they achieve all compliance controls and objectives. For more information on AWS Compliance Programs, please visit their website.

Our robust deployment architecture ensures your data is completely isolated and private, and every customer is deployed on their own independent data storage and technical infrastructure.

amazon web services

All data is stored in encrypted AWS data storage. This includes all primary data, backups, replicas, and snapshots. OneComply uses Amazon S3 server-side encrypted private buckets for document storage. All data is encrypted using the AES-256 (advanced encryption standard) encryption algorithm.

Communication between servers over external networks is always encrypted with industry-standard SSL.

OneComply enforces strong passwords. Two-factor authentication and federated login are available. All passwords are hashed using industry-standard encryption algorithms. After multiple failed login attempts, users are locked out and are logged out after a fixed period of inactivity.

We work with an unbiased third-party security firm to perform penetration and vulnerability tests against all aspects of our system and hosting environment.

All data is backed up daily with rolling seven day backups. All backups are encrypted with AES 256 encryption. The backup duration and time-period can be configured on request.

We use industry leading system monitoring tools for 24/7 monitoring of all systems and data activity. This includes intrusion detection, access logging and error monitoring.

Want To Learn More About Our Solutions?

Our streamlined solutions allow you to use one portal and one login to scale and manage your company’s compliance. From license application and management to license control, see what solutions we offer today.