[Skip to Content]


Watch 90 second video

What is Prontoforms
login     1-888-282-4184 

ProntoForms Security FAQ

How does ProntoForms keep my data secure?

  • ProntoForms has a range of technical and organizational measures to protect your data, combining technology and a strong organizational culture of security-first thinking, customer data is encrypted in our systems, both at rest and in transit
  • Access to our systems containing customer data is tightly controlled through comprehensive security policies and multi-layered access control systems
  • All of our critical systems are safeguarded with multi-factor authentication, and require strong passwords which expires after 90 days
  • Ongoing compliance audits, penetration testing, and automated security scans
  • Strong culture of information security, confidentiality, and availability underpinned by comprehensive organizational policies and personnel training
  • 24x7 service operations, software engineering, and incident management teams


How is my data secured on hosted systems in the cloud?

All customer data is encrypted with the AES-256 cipher in our Cloud hosted systems, furthermore, all customer data is encrypted when in transit to and from our Cloud hosted systems to customers apps over HTTPS using TLS.


Is customer data secured on iOS and Android mobile devices when using the ProntoForms app?

Yes, customer data on iOS and Android is encrypted as long as a passcode is enforced.


Are customers able to access ProntoForms via Single Sign-On?

Yes. ProntoForms supports SSO for both mobile app and web portal access. Enterprise application and Cloud based identity providers who support SAML 2.0 can be integrated, such as Azure AD.


Has ProntoForms achieved SOC2 compliance?

Yes. We have attained SOC2 Type I and Type II compliance. A summary report is available for customers to download from our website, and a detailed report is available under NDA. However, under most circumstances the summary report should be sufficient.


What is the main difference between SOC2 Type II over other compliance certifications, such as ISO?

SOC2 Type II is a comprehensive assessment for an ongoing period of time, while ISO and similar certifications are assessments at a specific point of time. By choosing SOC2 Type II compliance, we are able to tangibly demonstrate an ongoing commitment to our internal control environment, policies and procedures.


Is ProntoForms HIPAA Security Rule and HITECH Act compliant?

Yes. We have received attestation from a certified third party that we have successfully had our controls evaluated against the HIPAA Security Rule and HITECH Act. Please note that while ProntoForms helps support HIPAA compliance, using the ProntoForms service does not on its own achieve it. Customers are responsible for ensuring they have an adequate compliance program and internal processes in place, and that their particular use of ProntoForms services aligns with HIPAA and the HITECH Act.


Can ProntoForms employees arbitrarily view the content of the data customers import into their ProntoForms account?

No. ProntoForms employees are prohibited,(both through defined organizational policies and access control systems) from viewing the content of data customers import. Only after receiving explicit customer permission can data be accessed to assist with resolving support issues.


Are ProntoForms employees screened prior to hiring?

Yes. All employees must submit to a detailed background check. The background check includes criminal, education, and employment verification. The list includes:
  • Social Security Number Verification (includes trace)
  • Criminal Search
  • Employment Verification
  • Education Verification
  • Professional License or Certificate Verification
  • US Department of Treasury's Office of Foreign Assets Control (OFAC)
  • Specially Designated National or a Blocked Persons


Do ProntoForms employees adhere to secure coding guidelines?

Yes. All developers are trained annually on secure coding practices (i.e. OWASP), as well as secure code review techniques, so all codes are double-checked before being committed.


Are you willing to sign a data processing agreement?

Yes, ProntoForms has signed and will work with customers to put a mutually agreed data processing agreement in place prior to going live.


Does ProntoForms have the capability to manage security incidents 24x7?

Yes. We operate a 24x7 service operations and engineering team for monitoring and immediate resolution of incidents. We use industry leading application performance monitoring and log analysis systems.


What is ProntoForms disaster recovery strategy?

ProntoForms maintains a disaster recovery strategy which is tested on a quarterly basis, with competitive RPO and RTO definitions. We offer a recovery point objective (RPO) of 24 hours, which reflects the current handling of database snapshots. We also offer a recovery time objective (RTO) of 6 hours, which is reflective of the time required to launch services and to restore data to the recovery environment.