ProntoForms Security

Your data is key to your business, and the security of your information is a top priority for ProntoForms. We closely follow industry best practices and perform comprehensive audits of our systems to ensure that your data is always protected.

  • Health Insurance Portability and Accountability Act (HIPAA) Compliant
  • Service Organization Control (SOC 2 Type 2) Audit Completed
  • Title 21 CFR Part 11 Compliance for Electronic Records and Electronic Signatures Attestation Received
Getting security right is important to ProntoForms, so we are constantly striving to maintain and improve our security program. ProntoForms subscribes to news and updates from industry leaders in security and vulnerability management, which equips us to stay ahead of any risks. Don't just take our word for it: we undergo regular audits to verify our security and privacy practices and operations.

ProntoForms has successfully completed audits against the Service Organization Control (SOC 2 Type II), the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, the Health Information Technology for Economic and Clinical Health Act (HITECH), and has received Title 21 CFR Part 11 Compliance attestation for electronic records and signatures. Auditor attestations are available upon request.

Data Availability

We know that it is important for customers to be able to access their data anytime, anywhere. ProntoForms is proud to maintain the availability of its services above 99.9%. We implement safeguards to quickly and securely address any system performance or availability issues. Our team of on-call support staff responds to and resolves incidents as soon as they are identified. We regularly practice our incident response and disaster recovery plans to stay ahead of security threats and maintain the availability of customer data.

Application Security

The ProntoForms solution is designed with security in mind. All customer data flowing through the system is encrypted using industry standard TLS 1.2 or higher in transit and AES-256 at rest. Our developers are trained regularly in secure coding practices. All code undergoes rigorous peer reviews and is scanned for vulnerabilities prior to each release. We are continually monitoring our application and our environment so that we are quick to notice if anything goes awry. ProntoForms regularly engages third parties to perform penetration testing, and promptly resolves any issues that are identified.

Security Features

ProntoForms provides many security features which make it easy for customers to manage access to their data. Customers can choose to store their data on ProntoForms' servers or send the data to a preferred destination. ProntoForms is compatible with many Enterprise Mobility Management (EMM) and Single Sign-On (SSO) solutions and provides customers with the ability to set password complexity policies for their users. All passwords are hashed and salted to ensure that no one can gain unauthorized access to them.
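As an added illustration (example code written for this page, not ProntoForms' implementation), the following Python shows what "hashed and salted" password storage and a configurable complexity policy look like in practice: each password gets a random per-user salt, is stretched with PBKDF2-HMAC-SHA256, and is verified with a constant-time comparison so that a stolen password table does not reveal the passwords themselves. The iteration count, the stored record format and the policy rules are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import re
from typing import Optional

# Assumed parameters for this example (not ProntoForms' settings).
PBKDF2_ITERATIONS = 600_000   # work factor; raise as hardware gets faster
SALT_BYTES = 16               # 128-bit random salt per password
DKLEN = 32                    # derived key length in bytes


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'.

    A fresh random salt is generated unless one is supplied, so two users with
    the same password get different records and precomputed tables are useless.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, dklen=DKLEN)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt/iterations and compare in constant time.

    Malformed or unknown records are rejected rather than raising, so a
    corrupted row cannot turn into a login bypass or an unhandled error.
    """
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations, dklen=len(expected))
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def meets_policy(password: str, min_length: int = 12) -> bool:
    """Example complexity policy (assumed): minimum length plus at least
    three of four character classes (lower, upper, digit, symbol)."""
    if len(password) < min_length:
        return False
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(bool(re.search(c, password)) for c in classes) >= 3


if __name__ == "__main__":
    # Constructed sample: enrol a user, then check a correct and a wrong login.
    record = hash_password("Tr0ub4dor&3xyz")
    print(record)
    print("policy ok:", meets_policy("Tr0ub4dor&3xyz"))
    print("login ok:", verify_password("Tr0ub4dor&3xyz", record))
    print("wrong pw:", verify_password("hunter2", record))
```

Storing the algorithm name and iteration count in the record itself is what lets a provider raise the work factor later and re-hash each user's password transparently on their next successful login.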


Internal Security

The whole team at ProntoForms is engaged in maintaining security, right from the day they start. Before hiring, a background check is performed for every member of the ProntoForms Team. On the first day of work and every month thereafter, team members complete training to help them identify and prevent threats to the security of our business and your data. Employees are granted access to ProntoForms systems based on the principle of least privilege, and these systems are carefully monitored to keep our customers' data secure.


GDPR

Click here to manage your Data Subject Rights.


Privacy Policy

Click here to view our website privacy policy.

Frequently asked questions

How does ProntoForms keep my data secure?
ProntoForms takes the security of your data very seriously. Your information is encrypted in our systems—at rest and in transit—at all times. Our systems are tightly controlled through comprehensive security policies and multi-layered access control systems. ProntoForms' critical systems are secured using an enterprise-grade corporate identity management system, including the use of multi-factor authentication and robust password policies.

We conduct ongoing compliance audits, penetration testing, and automated security scans. We offer 24/7 service operations and employ dedicated incident management teams.
How is my data secured on hosted systems in the cloud?
All customer data in our cloud-hosted systems is encrypted with the AES-256 cipher. All data in transit between our cloud-hosted systems and customers' apps is encrypted over HTTPS using TLS.
Is my data also secured on iOS and Android mobile devices?
Yes. Your data is encrypted within the ProntoForms app on iOS and Android as long as a passcode is enforced.
Can I access ProntoForms via single sign-on (SSO)?
Yes. ProntoForms supports SSO for both mobile app and web portal access.
Has ProntoForms achieved SOC 2 compliance?
Yes. We have attained SOC 2 Type I and Type II compliance. Our SOC 3 report is available for download here. A detailed report is available under our non-disclosure agreement.
What's the difference between SOC 2 Type II and other compliance certifications (such as ISO)?
SOC 2 Type II is a comprehensive assessment over an ongoing period of time. ISO and similar certifications are assessments at a specific point in time. SOC 2 Type II compliance enables us to demonstrate an ongoing commitment to our internal control environment, policies, and procedures.
Is ProntoForms HIPAA Security Rule and HITECH Act compliant?
Yes. A certified third party has verified that our controls have been evaluated against the HIPAA Security Rule and HITECH Act.

It is your responsibility to ensure you have an adequate compliance program, internal processes, and that your use of ProntoForms services aligns with HIPAA and the HITECH Act. Use of ProntoForms contributes to HIPAA compliance, but does not guarantee it.
Can ProntoForms’ employees simply view the data in our ProntoForms account?
No. ProntoForms employees are prohibited—through defined organizational policies and access control systems—from viewing the data you import. Employees can access your data only after you provide explicit permission through the ProntoForms portal.
Does ProntoForms screen employees prior to hiring?
Yes. All prospective ProntoForms employees must submit to a detailed background check. The background check includes criminal, education, and past employment verification.
Do ProntoForms employees adhere to secure coding guidelines?
Yes. All ProntoForms developers are trained on secure coding practices (e.g. OWASP) annually. All code is double-checked using a comprehensive code review process, which enforces secure coding standards before going live.
Does ProntoForms sign data processing agreements?
Yes. ProntoForms signs data processing agreements and works with customers to put a mutually agreed agreement in place.
Does ProntoForms have 24/7 security incident management capabilities?
Yes. We employ a 24/7 service operations and engineering team that monitors and resolves incidents as they occur. We use industry-leading application performance monitoring and log analysis systems.
Does ProntoForms have a disaster recovery strategy?
Yes. Our disaster recovery strategy has guidelines for a competitive recovery point objective (RPO) and recovery time objective (RTO). We offer an RPO of 24 hours, which reflects the current handling of database snapshots. We offer an RTO of six hours, which reflects the time required to launch services and restore data to the recovery environment.

We test the reliability of our disaster recovery strategy every quarter.
What steps has ProntoForms taken to proactively mitigate Distributed Denial of Service (DDoS) attacks and other malicious attacks?
ProntoForms uses Amazon Web Services' Web Application Firewall (WAF) and Shield to minimize the effects of a DDoS attack. Both WAF and Shield allow us to permit or limit traffic through the use of custom security rules. We can also define additional WAF rules to pre-emptively block a wide range of malicious attacks.
Does ProntoForms offer any specific technology for customers who provide regulated services, such as those in the medical field?
Yes. ProntoForms offers many special capabilities—including, but not limited to:
  • Data Pass-Through
  • Enterprise Mobility Management and Mobile Device Management
  • End-to-End Data Encryption
  • Single Sign On
  • User Policy Management
  • Authentication Management

Have questions about data security? Ask our experts.

We're always happy to answer any questions or concerns you might have around security.
Please use the form below to get in touch with our security team.

Reports and agreements are available to existing customers upon request to infosec@prontoforms.com.