Onsharp Security Statement

Last Updated: January 29, 2026

This Security Statement is intended to provide an overview of Onsharp's security program and practices for customers and prospective customers. For information about how Onsharp collects, uses, and protects personal information, please refer to our Privacy Policy.

SOC 2 Status: Onsharp is actively undergoing a SOC 2 Type II audit to further validate the design and operating effectiveness of our security controls and operational practices.

Security Governance & Program Overview

Onsharp maintains an information security program designed to protect the confidentiality, integrity, and availability of information systems and data. Our security program includes documented policies and procedures, security awareness training, risk management practices, and technical controls aligned with widely recognized security frameworks and industry best practices.

Onsharp's security policies cover a broad range of topics, including but not limited to acceptable use, access management, encryption, incident response, vulnerability management, vendor management, and secure software development.

Information Security Policies

Onsharp maintains a written Information Security Policy and supporting topic-specific policies. Personnel are required to acknowledge key security policies and responsibilities prior to being granted access to Onsharp systems and periodically thereafter.

Security policies are reviewed and updated as needed to support ongoing improvements and to address evolving threats, technology changes, and compliance requirements.

Organizational Security

Security roles and responsibilities are defined within the organization. Onsharp assigns responsibility for managing and maintaining the security program, including security operations, vulnerability management, incident management, and compliance activities.

Asset Management

Onsharp maintains controls and procedures designed to manage and protect both corporate and customer-related information assets. Authorized personnel who access or manage these assets are required to follow applicable security policies and procedures.

Personnel Security & Security Awareness

Onsharp maintains personnel security practices designed to reduce risk and support appropriate handling of sensitive information. These practices include, as applicable:

  • confidentiality obligations for personnel with access to sensitive information,
  • onboarding and offboarding procedures to ensure access is provisioned appropriately and removed when no longer required, and
  • security awareness training for employees.

Physical & Environmental Security

Onsharp maintains physical security controls for its office locations and environments. In addition, Onsharp utilizes third-party hosting providers and data center facilities designed to provide physical security, availability, and redundancy.

Hosting providers and data centers typically implement physical security measures such as controlled facility access, monitoring systems, and environmental safeguards. Many of these providers maintain independent security compliance programs (e.g., SOC 2 Type II and/or PCI DSS).

Access Control

Onsharp implements access control measures designed to ensure that systems and data are accessible only to authorized individuals. Access is managed using role-based access principles and least privilege practices, with access granted based on business need.

Onsharp uses unique user accounts for personnel and maintains authentication controls designed to reduce the risk of unauthorized access.

Logging & Monitoring

Onsharp maintains logging and monitoring controls designed to detect suspicious activity, support investigation of security events, and enable operational oversight. Logging and monitoring practices include, as applicable:

  • audit logging of access to systems,
  • monitoring of security events and administrative activity, and
  • restriction of access to security logs and monitoring tools to authorized personnel.

Encryption & Data Protection

Onsharp implements technical controls designed to protect data in transit and at rest. These measures include encryption technologies and secure transmission practices intended to reduce the risk of unauthorized access or disclosure.

Onsharp also maintains controls designed to logically segregate customer environments and limit access to customer data based on authorization and business need.

Change Management

Onsharp maintains change management practices designed to support secure and reliable updates to production systems. Changes to production environments are reviewed and controlled through established processes, including testing and approval procedures as appropriate.

Vulnerability & Patch Management

Onsharp maintains a vulnerability management program designed to identify, assess, prioritize, and remediate security vulnerabilities. This includes routine assessments and patch management processes intended to reduce exposure to known security risks.

Secure Software Development Lifecycle (SDLC)

Onsharp follows a secure software development lifecycle designed to improve the security and resiliency of the Services. Security considerations and testing are incorporated throughout the development process, including practices such as code review and quality assurance.

Incident Response

Onsharp maintains an Incident Response Plan designed to support preparation, detection, analysis, containment, eradication, and recovery from security incidents. Incident response personnel are trained, and the incident response program is tested periodically.

Business Continuity & Disaster Recovery

Onsharp maintains business continuity and disaster recovery practices designed to minimize service disruption and support recovery from system failures or other events. Controls may include backup procedures, recovery testing, and redundancy practices appropriate to the nature of the Services.

Supplier & Vendor Management

Onsharp maintains vendor management practices designed to evaluate and manage third-party suppliers and service providers that may support delivery of the Services. Where vendors may access or process sensitive data, Onsharp seeks to implement appropriate contractual protections and due diligence practices.

Security Questions

For security-related inquiries or requests for security documentation, please contact:

Onsharp, Inc.
3415 39th St S
Fargo, ND 58104

Email: legal@onsharp.com