Solution Security

We are committed to protecting our customers from security threats and incidents. At OnPrintShop, we follow security by design and comply with the highest standard of ISMS, with ISO 27001:2022 certification underlining our leadership in protecting sensitive information assets.

Protecting Your Data

Hosted By Amazon Web Services (AWS)

  • AWS data centers are SOC 1, SOC 2, and SOC 3 compliant. All data is stored and processed in multiple AWS zones based on customers' locations.
  • The main available zones are in the US, Frankfurt, and Singapore regions.

Data Security During Transit & At Rest

  • All data in transit is encrypted using secure TLS cryptographic protocols (TLS 1.2).
  • All data at rest is encrypted using Advanced Encryption Standard (AES) with a 256-bit key.
  • All data transferred over HTTPS is encrypted using SHA-2 compliant cipher suites.

Access Controls

  • Role-based access through IAM enforces segregation of duties, two-factor authentication, and end-to-end audit trails, ensuring access in accordance with the security context.

AICPA SOC 2 Certified

  • With SOC 2 standards, we help our clients to strengthen their data security architecture and abide by exemplary compliance standards.

Malware & Spam Protection

  • Periodic manual and automated security reviews and risk assessments.
  • Real-time threat detection and blocking to prevent malware, phishing, and spam attacks.

ISO 27001:2022, ISO 9001:2015 Certified

OnPrintShop's certification to ISO 9001:2015 and ISO/IEC 27001:2022 affirms our dedication to quality and secure Web2Print solutions for global print businesses.

Access Control and Organizational Security

  • All our employees and contractors (workers) sign confidentiality agreements before gaining access to our codebase and data.
  • During onboarding and periodically, all employees receive training on security concerns and best practices for their systems.
  • Access to the production environment is restricted to a very limited set of users based on the job roles.
  • Access to the production environment for developers and Quality Assurance team members is restricted based on their job responsibilities.

Segregation Levels

We segregate access to our data at different levels:
AWS Resource Level

Data is segmented across databases and S3 buckets based on customer and data type. Each dataset is logically isolated across accounts, with access secured through strong authentication and authorization controls.

Network Level

Dedicated VPCs are created for each environment, with production fully isolated from development and other environments to ensure strict network separation.

Application Level

Customers are logically segmented at the application layer, ensuring that data access, workflows, and user roles remain isolated across accounts within the platform.

Tenant Level

Built on a secure multi-tenant architecture, where infrastructure is shared but customer data remains fully isolated and protected through strict access controls.

PCI DSS Compliance

  • OnPrintShop does not store payment data. We use a PCI DSS-certified 3rd party to accept or process credit card information securely in accordance with these standards.
  • The use of such a PCI DSS-certified 3rd party ensures compliance with the Payment Card Industry’s Data Security Standards (PCI DSS 3.2) and the Revised Directive on Payment Services (PSD2).
  • OnPrintShop offers PCI-DSS Standards for Client solutions on request. In the event of any issues, OnPrintShop is solely responsible for resolving and providing Clients with the necessary support to comply with the PCI-DSS Standards.

Application Security

We maintain a robust application security program, covering the following:
  • Security reviews and risk assessment during software design
  • Strict manual and automated code review standards maintained during deployment
  • Customer passwords are hashed and stored using the encryption algorithm
  • Compliance with the OWASP Top 10 for secure development and application testing
  • Security development training and secure code review guidelines for employees during implementation
  • Established procedures for reporting and tracking incidents for timely communication, investigation, and resolution.

Network Security

  • Our production network is strictly segmented between public and private services. Application servers operate only within private subnets without public IP exposure. Access is routed exclusively through AWS-managed load balancers, while tightly configured security groups regulate all inbound and outbound traffic.
  • Advanced AWS Shield, Web Application Firewalls, and edge-level security controls provide an added layer of protection against external threats. Server access is tightly restricted, with no direct inbound traffic permitted by default.

Physical Security

We segregate access to our data at different levels:

Data Center

OnPrintShop is hosted on Amazon Web Services (AWS) and guarantees the implementation of measures according to the red security level. Cloud service providers operate state-of-the-art data centers that focus on security and protection of data as the primary design criteria. This is demonstrated by the ISO/IEC 27001 certificate.

Offices

Access to offices is restricted and monitored by the reception, which is also responsible for visitor management. According to the security zone concept, some areas are locked, and visitors must be guided by employees.

Data Backup & Recovery

  • Data backup and recovery is an essential aspect of OnPrintShop store management, ensuring the integrity and availability of critical business information. A comprehensive data backup strategy is in place that safeguards against data loss due to hardware failures, software malfunctions, or human errors, enabling swift recovery and minimizing business disruptions.
  • Our disaster recovery plans require that data in the production environment be frequently snapshotted and stored durably in S3 Servers (Data, Server & Database).