Solution Security

Ensuring that our customers’ data is safe and secure is a huge responsibility and a top priority for us. We are committed to protecting our customers from security threats and incidents. At OnPrintShop, we follow security by design and comply with the highest standard of ISMS with ISO 27001:2022 certification underlining our leadership in protecting sensitive information assets. We back ourselves up with robust data security and privacy practices that are integral to our product and service delivery principles.

Protecting Your Data

Hosted By Amazon Web Services (AWS)

AWS data center is SOC 1, SOC 2, and SOC 3 compliant. All data is stored and processed in multiple AWS zones based on customer’s locations.
Mainly available zones are in US, Frankfort, and Singapore regions.

Data Security During Transit & At Rest

All data in transit are encrypted using secure TLS cryptographic protocols. (TLS 1.2)
All data at rest are encrypted using Advanced Encryption Standard (AES) with a 256-bit key.
All data transferred over HTTPS are encrypted using SHA-2 compliant cipher suites.

Access Controls

Role-based access through IAM enforces segregation of duties, two-factor authentication, and end-to-end audit trails, ensuring access in accordance with the security context.

AICPA SOC 2 Certified

With SOC 2 standards, we help our clients to strengthen their data security architecture and abide by exemplary compliance standards.

Malware & Spam Protection

Period manual and automated security reviews and risk assessment.

Access Control and Organizational Security

All our employees and contractors (workers) sign confidentiality agreements before gaining access to our codebase and data.
During onboarding and periodically, all employees receive training on security concerns and best practices for their systems.
Access to the production environment is restricted to a very limited set of users based on the job roles.
Access to the production environment for developers and Quality Assurance team members is restricted based on their job responsibilities.

Segregation Levels

We segregate access to our data at different levels:

AWS Resource Level

Data is segmented among different databases and S3 buckets, based on the type of data and customers. It means data is logically separated across accounts and access to it is protected by strong authentication and authorization controls.

Network Level

We have established different VPCs, depending on the environment and a VPC for the production environment, segregated from the development environment and others.

Application Level

Customers are segmented at logical level in the Application layer.

Tenant Level

Multi-tenant. Infrastructure is shared.

PCI DSS Compliance

OnPrintShop does not store payment data. We use a PCI DSS-certified 3rd party to accept or process credit card information securely in following these standards.

The use of such a PCI DSS certified 3rd party ensures compliance with the Payment Card Industry’s Data Security Standards (PCI DSS 3.2) and the Revised Directive on Payment Services (PSD2).

OnPrintShop offers PCI-DSS Standards for Client solutions on request. In the event of any issues, OnPrintShop is solely responsible for resolving and providing Clients with the necessary support for to comply with the PCI-DSS Standards.

Application Security

We maintain a robust application security program, covering the following:

Security reviews and risk assessment during software design
Strict manual and automated code review standards maintained during deployment
Customer passwords are hashed and stored using the encryption algorithm
Compliance to Top 10 OWASP for secure development and application testing
Security development training and secure code review guidelines for employees during implementation
Established procedures for reporting and tracking incidents for timely communication, investigation, and resolution.

Network Security

Our production networks are separated between public and internal services. No inbound internet traffic is allowed on the private subnets, and all application servers only reside in private subnets without public IP addresses. Only AWS managed and maintained load balancers have ingress access to the application’s internal servers. Tight security groups control inbound and outbound access to the servers.

Advanced AWS Shield, Web Application Firewalls, and other state-of-the-art perimetral security controls are installed at the edge locations to provide an additional layer of internal and external network security.
Access to our servers is strictly limited, by default no ingress traffic is permitted on them.

Physical Security

Data Center

OnPrintShop is hosted on Amazon Web Services (AWS) and guarantees the implementation of measures according to the red security level. Cloud service providers operate state-of-the-art data centers that focus on security and protection of data as the primary design criteria. This is demonstrated by ISO/IEC 27001 certificate.

Offices

The access to offices is restricted and monitored by the reception who are also responsible for visitor management. According to the security zone concept, some areas are locked, and visitors must be guided by employees.

Data Backup & Recovery

Data backup and recovery is an essential aspect of OnPrintShop store management, ensuring the integrity and availability of critical business information. A comprehensive data backup strategy is in place that safeguards against data loss due to hardware failures, software malfunctions, or human errors, enabling swift recovery and minimizing business disruptions.

Our disaster recovery plans require that data in the production environment be frequently snapshotted and stored durably in S3 Servers (Data, Server & Database).

Build Your Print Business with Most Secured Web to Print Solution and Unlock Exponential Growth Opportunities

Book a Demo