SECURITY & COMPLIANCE

The customer onboarding platform with enterprise-grade protection

At OnRamp, security, data protection, and compliance are our top priorities. Our commitment to safeguarding your data is built into every feature, backed by a team with deep experience in developing secure solutions. 

Protected to the highest industry standards

Ensuring secure, seamless operations with real-time protection and compliance

 

Intuitive Onboarding: Guiding Customers and Teams to Success at Every Step

Create experiences customers actually want to engage in, with proactive, step-by-step direction that reduces work and builds trust and partnerships.

Trusted by leading brands

Compliance and privacy certifications

We undergo continuous, independent audits to meet the most rigorous industry standards, ensuring compliance through robust security and privacy measures.

Our platform is monitored by hundreds of daily automated tests, guaranteeing that our application and security practices meet compliance requirements at all times.

Our certifications and compliance include:
  • SOC 2 Type 2 certification
  • GDPR compliant
  • CCPA compliant
  • HIPAA compliant

Infrastructure security

OnRamp is hosted exclusively on AWS, leveraging AWS's robust control environment and certifications, including SSAE-16 SOC 1, 2, & 3, and ISO 27001, to ensure top-tier security and compliance. 

Beyond the AWS protections, OnRamp has implemented a 24/7 intrusion detection system, backed by daily manual log reviews for added security. All data is fully encrypted both in transit and at rest, offering comprehensive protection. 

With 99.9% uptime, our network and perimeter protections are designed to provide a secure, reliable platform for our customers.

Data protection

Protecting your data is essential to the security of your business, customers, and employees. OnRamp follows industry-leading practices, verified by third-party auditors, to ensure your data remains safe and secure.

  • Logical tenant separation: Each customer's data is securely segmented.
  • Encryption in transit: Protects data during transfer using TLS 1.2 and TLS 1.3.
  • Encryption at rest: Safeguards stored data with AES-256 encryption.
  • Self-hosted data storage: Ensures data availability and control within a secure environment.

Application protection

OnRamp employs a Test-Driven Development (TDD) approach, combining manual and automated security checks aligned with OWASP application security standards. 

This approach ensures rigorous protection through layered, proactive controls, including defense-in-depth strategies, positive security models, secure fail mechanisms, and least-privilege principles.

Our application security measures include:

  • Web application firewall (WAF): Shields applications from web-based threats.
  • DDoS protections: Mitigates distributed denial-of-service attacks to maintain service availability.
  • Regular vulnerability scanning: Identifies and addresses potential weaknesses.
  • Annual penetration testing: Ensures robust security through simulated attack scenarios.

Organizational security

At OnRamp, dedicated security personnel oversee and maintain security standards across the organization. Every employee undergoes thorough background checks, with comprehensive security training provided at the start and regularly refreshed over time. 

Access to systems is secured with two-factor authentication, rigorously logged, and controlled by least-privilege principles.

Key organizational security measures include:

  • Security education & awareness training: Regular training ensures all employees are informed of the latest security best practices.
  • 24/7 monitoring and incident response: Continuous monitoring allows rapid detection and response to any security incidents.
  • Vendor risk management: Proactive assessment and oversight of third-party vendors safeguard the integrity of our operations.
 

Core security, privacy and compliance features

 

Standard SSL Certificate

Protect your data with secure SSL encryption across all OnRamp pages.

Protected Portal

Ensure secure access to your Customer Portal with authentication restricted to an email whitelist that you control.

Self-hosted File Storage Options

Choose to securely store your files on your own SFTP server or in an Amazon S3 bucket.

Single sign-on (SSO) credentials

Enable users to access OnRamp seamlessly with single sign-on credentials.

Custom Domain Security Settings

Allow your IT teams to control and manage security settings for your Customer Portal.

Audit Logs

Gain visibility into all activity with comprehensive audit trails for your organization.

Ready to see what’s possible?

We’d love 30 minutes to show how to get your customers to their value destination faster.