OneDesk Security

DATA SECURITY & PRIVACY MEASURES

OneDesk understands the importance of security and privacy. This is why we prioritize protecting and securing our customers’ data. OneDesk uses a variety of security measures to ensure that your data is protected at all times:



OneDesk is Hosted on AWS

The OneDesk servers are hosted on Amazon Web Services (AWS) in the United States. These secure facilities are where many of the worlds biggest companies host their data and services. AWS adheres to multiple security standards and compliance certifications such as PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171. You can read more about AWS’ security here.



SSL Encryption

OneDesk transfers data entirely over SSL (Secure Sockets Layer). OneDesk uses the SSL encryption security protocol to make sure that your data is encrypted when it is being transferred between our system and your computers and devices. Over-the-wire data is always encrypted while in transit, ensuring your information is protected.



Encrypted Credentials

OneDesk also provides protection for your usernames and passwords. While this information is stored on our servers, it is encrypted to ensure its protection.



Cloud Backups for Your Data

OneDesk schedules and runs cloud backup of all your data in our system every 6 hours. This is to help make sure that, should any problems occur in our system, you do not lose any more than 6 hours of data (To date, this data-loss has never occurred). As an added measure, your workitems stored on the OneDesk servers can also be exported to CSV at any time using our export view and reporting features. This allows you to do your own backups if needed.



No Stored Credit Card Information

When you have a paid subscription to OneDesk, credit card processing is performed by Stripe, a third-party online payment processing business. OneDesk never records any credit card information. This ensures compliance with the Payment Card Industry Data Security Standard (PCI DSS). You can learn more about Stripe’s security measures here.



NIST Standards for Passwords

OneDesk follows the National Institute of Standards and Technology’s (NIST) password requirements. OneDesk understands that having strong passwords improves the security of your data, so we ensure our customers’ data is protected by passwords that meet the NIST guidelines set out in 800-63B, which can be found here.



Enforced Session Time-Out (optional)

We understand that our customers have other priorities that may lead to them leaving OneDesk open on a web browser unattended. This is why we enforce session time-outs, which will automatically log you out of OneDesk if you leave your desk unattended for a period of time. Note that this is an optional security feature that you can turn off.



On-Premise & Private Cloud Deployment

If you wish manage the security yourselves or are required to for compliance reasons, we offer on-premise or private cloud deployment. For the private cloud, it will be hosted on AWS or Microsoft Azure. We also offer on-premise if you wish to host on your own servers. These options have minimum usage requirements and separate pricing. Contact us for more details.



Privacy

OneDesk cares a lot about your privacy. You can read more about our GDPR compliance here. You can also read our Privacy Policy.



Single Sign-On Capabilities

OneDesk implements SAML version 2.0, Open ID Connect and other identity providers to allow you to turn on Single Sign-On (SSO) for your users and customers. We also integrate with Azure Active Directory. SSO capabilities reduce the number of attack surfaces when your users and customers are only using one set of credentials.



Internal Access Permissions

OneDesk allows you to set application-level access permissions inside of the OneDesk app. This ensures that you have control over which applications your internal users can use and what they can do within those applications.



FedRAMP Compliance

While OneDesk does not have an independent FedRAMP authorization, we are hosted on Amazon Web Services in the US-East region. AWS is FedRAMP compliant in this region.

Read our Terms & Conditions.