Security & Compliance
OnRamp is exclusively hosted on AWS. OnRamp inherits the control environment AWS maintains and demonstrates via SSAE-16 SOC 1, 2 & 3, ISO 27001, and additional certifications. In addition, OnRamp has deployed a 24/7 intrusion detection system that sits on-top of AWS with daily manual log reviews. All data is encrypted both in motion and at rest.
- Hosted on a leading cloud infrastructure provider (AWS)
- Network and Perimeter Protection
- 99.9% Uptime
Customer data protection
The protection of your data is critical to your business, your customers, and your employees. OnRamp utilizes best-in-class practices (assessed by third party auditors) to keep it safe and give you the assurance you require.
- Logical Tenant Separation
- Encryption In-Transit (TLS 1.2, TLS 1.3)
- Encryption At-Rest (AES-256)
- Self-Hosted Data Storage Availability
OnRamp follows a Test-Driven Development (TDD) software development process including both multi-party manual and automated security checks based on OWASP application security principles. Application security controls include: defense in depth, positive security model, fail securely, run with least privilege, intrusion detection, amongst others.
- Web Application Firewall (WAF)
- Distributed Denial of Service (DDoS) Protections
- Regular Vulnerability Scanning
- Annual Penetration Testing
OnRamp has dedicated security personnel who have responsibility for security across the OnRamp organization. All OnRamp employees undergo background checks along with initial and ongoing security training and testing. All access is two-factor authentication controlled, logged, and run with least privilege controls.
- Security Education & Awareness Training
- 24/7 Monitoring and Incident Response
- Vendor Risk Management
Compliance & privacy
Our practices are audited on an ongoing basis by third party assessors according to the most rigorous industry standards. Hundreds of daily automated tests ensure that the application and security practices are always in compliance.
- SOC 2 Type 2 Certified
- GDPR Compliant
- CCPA Compliant
- HIPAA Compliant