
ProntoForms Security

Security is a top priority for ProntoForms. That's why we closely follow the information security best practices prescribed by organizations like the National Institute of Standards and Technology (NIST), Cloud Security Alliance (CSA), and the SANS Institute.
Health Insurance Portability and Accountability Act Compliant
Service Organization Control (SOC 2 Type 2) Audit Completed
ProntoForms has successfully completed the Service Organization Control (SOC2 Type 2) audit, reviewing internal controls and processes, as well as an evaluation of the organization’s controls against the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, and the Health Information Technology for Economic and Clinical Health (HITECH) Act. The SOC2 Audit and HIPAA Security Rule auditor attestation is available upon request.

Internal Security

Every new member of the ProntoForms team is subject to a criminal background check before being hired. We also provide our staff with current security training to help them protect operational security against threats.

We routinely assess and monitor employees, contractors and third parties who have access to systems containing customer information. Access to our controlled areas is restricted. We're careful to track, monitor and manage all of our servers/instances and infrastructure. Any employee access to customer data is controlled using single-use credentials, and distinct permission sets.


Third Party Reviews and Information

We constantly audit the security of our operating environments. Every six months, we also commit to undergoing external penetration testing, which we use to identify and quickly resolve any vulnerabilities.

ProntoForms subscribes to the United States Computer Emergency Readiness Team (US-CERT), Amazon Web Services (AWS), SANS, and the OWASP Top 10. These security organizations actively monitor and publish vulnerability advisories and trends related to information security. Receiving this information allows us to stay one step ahead of potential security issues.


Data Encryption and Security

Data transmitted between the ProntoForms mobile applications and cloud systems is encrypted using TLS. Information stored on our servers is encrypted with AES-256, while information stored on the native application leverages the functionality of the mobile operating systems to encrypt stored data. Our system is designed to protect against distributed denial of service attacks (DDoS). The ProntoForms native app is also compatible with a number of leading mobile device management (MDM) systems, which may apply additional data protection, and we are compliant with AppConfig’s best practice policies for EMM systems.

Customers can enable single sign-on (SSO) for mobile app and web portal access. Leading enterprise and cloud-based identity providers that support SAML 2.0 can be integrated. Google Login can also be used for SSO.

For customers not using SSO, ProntoForms enables configurable password-complexity policies. At a minimum, all passwords are hashed and salted. Passwords can only be reset, not retrieved. We send notifications when the password for a user account has been changed.

For the security and distribution of our mobile applications, we work with frameworks provided by mobile platform vendors such as Apple (Managed App Configuration) and Google (Android for Work). We also partner with a number of leading enterprise mobility management (EMM) providers, such as MobileIron and VMware AirWatch, that provide secure mobile solutions.

The ProntoForms app is designed to work with pre-approved payment apps that process all credit transactions according to payment card industry (PCI DSS) regulations. These payment apps do not store any sensitive information and industry standard encryption methods are used to protect customer data.


Security Monitoring

ProntoForms continually logs event and usage data at the network, server, and application levels. All logs are aggregated and scanned using leading log management services. Log archives are maintained in a read-only state indefinitely, as we never delete them. All developed code is peer-reviewed by multiple members of the engineering team using both manual and automatic testing processes.


Cloud Security

All of our cloud services are hosted on AWS, which maintains compliance with a wide range of international and industry-related standards. ProntoForms utilizes Virtual Private Clouds (VPC) within AWS to further secure network, application and database resources. Access to our VPC is restricted to core personnel in accordance with leading best practices. Any access to the VPC is protected by multi-factor authentication and robust password policies.


Solution Availability

ProntoForms has consistently maintained the availability of its cloud services above 99.9%. The ProntoForms cloud is implemented with regional redundancies, and has been designed to eliminate single points of failure. All client data is saved in redundant storage. Our operations team receives timely alerts in the event of any system performance or availability issues. All availability issues are communicated in a timely manner via our support portal.


GDPR Data Subject Rights

Click here to manage your Data Subject Rights.


Privacy Policy

Click here to view our website privacy policy.


Do you have concerns about security? Get in touch with us.

We're always happy to answer any questions or concerns you might have around security. If you are a ProntoForms customer and have further questions or wish to report a suspected incident, please send an email to our security team at security@prontoforms.com.




Reports and agreements are available to existing customers upon request to infosec@prontoforms.com.