Security

Edit Subject

Paul,

Security is very important to Onit and we strive to provide a highly secure service. We have implemented some of the most advanced technology to make collaborating on legal projects secure and accessible only by the authorized participants.

For starters, our data is secured using bank-grade 256-bit Secure Socket Layer (SSL) encryption. The data is stored in an enterprise-class, secured hosting environment and is backed up daily. All data within Onit remains the property of the project owner and can not be accessed but any other user.

Here are some additional security measures we have taken to ensure your data is protected in Onit.

Physical Security

• SAS 70 Type II Audit-certified datacenter
• Dedicated servers
• Redundant power connections with standby generators
• Multiple redundant network connections
• Biometric scanning for controlled data center access
• Physical security audited by an independent firm
• 24/7 video monitoring

System Security

• System installation using hardened, patched OS
• System patching configured to provide ongoing protection from exploits
• Dedicated firewall and VPN services to help block unauthorized system access
• Data protection with managed backup solutions
• Distributed Denial of Service (DDoS) mitigation services

Operational Security

• ISO17799-based policies and procedures, regularly reviewed as part of SAS70 Type II audit process
• Encryption for all administrative traffic (HTTP, SFTP, SSH)
• Encryption for all customer traffic (HTPP)
• Datacenter employees trained on documented information security and privacy procedures
• Access to confidential information restricted to authorized personnel only, according to documented processes
• Systems access logged and tracked for auditing purposes
• Secure document-destruction policies for all sensitive information
• Fully documented change-management procedures
• Independently audited disaster recovery and business continuity plans

Application Security

• Custom-hardened Unix kernels
• Managed virtual private cloud
• Managed continuous firewall monitoring
• Single tenet storage

Policies and Procedures
• By policy, employees prohibited from accessing private data
• Onit claims no ownership of your data
• 24/7 monitoring and escalation
• All users must be verified by email