Cada miembro nuevo del equipo de ProntoForms está sujeto a una verificación de antecedentes penales antes de contratarlo. También le brindamos a nuestro personal formación actual en seguridad para ayudarlos a proteger seguridad operacional contra las amenazas.
We routinely assess and monitor employees, contractors and third parties who have access to systems containing customer information. Access to our controlled areas is restricted. We're careful to track, monitor and manage all of our servers/instances and infrastructure. Any employee access to customer data is controlled using single-use credentials, and distinct permission sets.
Third Party Reviews and Information
Auditamos de manera constante la seguridad de nuestros entornos operativos. Cada seis meses, también no comprometemos a recibir pruebas de penetración externa que utilizamos para identificar y resolver rápidamente cualquier vulnerabilidad.
ProntoForms se suscribe al United States Computer Emergency Readiness Team (US-CERT), Amazon Web Services (AWS), SANS y OWASP Top 10. Estas organizaciones de seguridad monitorean activamente y publican avisos de vulnerabilidad y las tendencias relacionadas con la seguridad de la información. Recibir esa información nos permite mantenernos un paso adelante de potenciales problemas de seguridad.
Encriptación y seguridad de los datos
Data transmitted between the ProntoForms mobile applications and cloud systems is encrypted in using TLS. Information stored on our servers is encrypted with AES-256, while information stored on the native application leverages the functionality of the mobile operating systems to encrypt stored data. Our system is designed to protect against distributed denial of service attacks (DDoS). The ProntoForms native app is also compatible with a number of leading mobile device management (MDM) systems, which may apply additional data protection, and we are compliant with AppConfig’s best practice policies for EMM systems.
Customers can enable single sign-on (SSO) for mobile app and web portal access. Leading enterprise and cloud-based identity providers that support SAML 2.0 can be integrated. Google Login can also be used for SSO.
For customers not using SSO, ProntoForms enables configurable password-complexity policies. At a minimum, all passwords are hashed and salted. Passwords can only be reset, not retrieved. We send notifications when the password for a user account has been changed.
Para la seguridad y la distribución de nuestras aplicaciones móviles, trabajamos con marcos provistos por proveedores de plataformas móviles como Apple (configuración de aplicación administrada) y Google (Android para el trabajo). También nos asociamos con un número de proveedores líderes de gestión de movilidad para empresas (EMM) como MobileIron y VMWare AirWatch, que proporcionan soluciones móviles seguras.
The ProntoForms app is designed to work with pre-approved payment apps that process all credit transactions according to payment card industry (PCI DSS) regulations. These payment apps do not store any sensitive information and industry standard encryption methods are used to protect customer data.
Supervisión de la seguridad
ProntoForms continually logs event and usage data at the network, server, and application levels. All logs are aggregated and scanned using leading log management services. Log archives are maintained in a read-only state indefinately, as we never delete them. All developed code is peer-reviewed by multiple members of the engineering team using both manual and automatic testing processes.
Seguridad en la nube
All of our cloud services are hosted on AWS, which maintains compliance with a wide range of international and industry-related standards. ProntoForms utilizes Virtual Private Clouds (VPC) within AWS to further secure network, application and database resources. Access to our VPC is restricted to core personnel in accordance with leading best practices. Any access to the VPC is protected by multi-factor authentication and robust password policies.
ProntoForms has consistently maintained the availability of its cloud services above 99.9%. The ProntoForms cloud is implemented with regional redundancies, and has been designed to eliminate single points of failure. All client data is saved in redundant storage. Our operations team receives timely alerts in the event of any system performance or availability issues. All availability issues are communicated in a timely manner via our support portal.
GDPR Data Subject Rights
Click here to manage your Data Subject Rights.
Política de privacidad
Do you have concerns about security? Get in touch with us.
We're always happy to answer any questions or concerns you might have around security. If you are a ProntoForms customer and have further questions or wish to report a suspected incident, please send an email to our security team at firstname.lastname@example.org.
We conduct ongoing compliance audits, penetration testing, and automated security scans. We offer 24/7 service operations and employ dedicated incident management teams.
It is your responsibility to ensure you have an adequate compliance program, internal processes, and that your use of ProntoForms services aligns with HIPAA and the HITECH Act. Use of ProntoForms contributes to HIPAA compliance, but does not guarantee it.
We test the reliability of our disaster recovery strategy every quarter.
- Data Pass-Through
- Enterprise Mobility Management and Mobile Device Management
- End-to-End Data Encryption
- Single Sign On
- User Policy Management
- Authentication Management
Have questions about data security? Ask our experts.
Please use the form below to get in touch with our security team.
Reports and agreements are available to existing customers upon request to email@example.com.