Trust & Security Center

OneDesk understands the importance of security and privacy. This is why we prioritize protecting and securing our customers’ data. OneDesk uses a variety of security measures to ensure that your data is protected at all times.

Cloud & Network Security

The OneDesk servers are hosted on Amazon Web Services (AWS). These secure facilities are where many of the world's biggest companies host their data and services. AWS adheres to multiple security standards and compliance certifications such as PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171. You can read more about AWS’ security here.

OneDesk is hosted on AWS data centers located in the United States.

OneDesk transfers data entirely over SSL (Secure Sockets Layer). OneDesk uses the SSL encryption security protocol to make sure that your data is encrypted when it is being transferred between our system and your computers and devices. Over-the-wire data is always encrypted while in transit, ensuring your information is protected.
OneDesk also provides protection for your usernames and passwords. While this information is stored on our servers, it is encrypted to ensure its protection.

OneDesk schedules and runs a cloud backup of all your data in our system every 6 hours. This helps make sure that, should any problems occur in our system, you do not lose more than 6 hours of data (to date, this data loss has never occurred). As an added measure, your work items stored on the OneDesk servers can also be exported to CSV at any time using our export view and reporting features. This allows you to do your own backups if needed.

If you wish to manage the security yourselves or are required to for compliance reasons, we offer on-premise or private cloud deployment. For the private cloud, it will be hosted on AWS or Microsoft Azure. We also offer on-premise if you wish to host on your own servers. These options have minimum usage requirements and separate pricing. Contact us for more details.

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that stipulates rules and standards for healthcare-related organizations. These standards mandate the protection and handling of protected health information (PHI) and other processes. For more information please see HIPAA guidelines. You may use OneDesk in a HIPAA compliant environment. To do so you must purchase a license specific to HIPAA-Enabled Accounts. Once the agreement is completed, it is the subscriber’s sole responsibility to maintain HIPAA compliance, including configuring mandatory account settings as outlined by OneDesk, as well as adhering to the requirements as described within the BAA.

A Business Associate Agreement (BAA) is a legal contract between you, the Subscriber, and OneDesk. The Subscriber must have OneDesk’s BAA in place and have complied with all requirements prior to any Protected Health Information (PHI) being added into a OneDesk account. To request review of the BAA, please submit a quote request.

Application & Product

OneDesk implements SAML version 2.0, OpenID Connect and other identity providers to allow you to turn on Single Sign-On (SSO) for your users and customers. We also integrate with Azure Active Directory. SSO capabilities reduce the number of attack surfaces when your users and customers are only using one set of credentials.

We understand that our customers have other priorities that may lead to them leaving OneDesk open on a web browser unattended. This is why we enforce session time-outs, which will automatically log you out of OneDesk if you leave your desk unattended for a period of time. Note that this is an optional security feature that you can turn off.

OneDesk follows the National Institute of Standards and Technology’s (NIST) password requirements. OneDesk understands that having strong passwords improves the security of your data, so we ensure our customers’ data is protected by passwords that meet the NIST guidelines set out in 800-63B, which can be found here.

OneDesk allows administrators to turn on 2FA via email for all users in your account.

OneDesk provides an activity log to all plan levels. The log includes changes or deletion of work items, logins/logouts, user changes, and automation rules. 

OneDesk allows you to define roles (Administrator or Non-Administrator) to users in your account. For Non-Admin users you can further define granular access privileges to different parts of the application. 

Compliance

While OneDesk does not have an independent FedRAMP authorization, we are hosted on Amazon Web Services in the US-East region. AWS is FedRAMP compliant in this region.

OneDesk is HIPAA compliant. We offer HIPAA-enabled accounts which include the signed Business Associate Agreement (BAA). You can read more about our HIPAA compliance here.

While OneDesk does not have an independent ISO compliance, we are hosted on Amazon Web Services. AWS is ISO compliant and you can read the specifics of AWS ISO here.

Privacy & Legal

OneDesk cares a lot about your privacy. You can read our full Privacy Policy.

OneDesk is compliant with GDPR. You can read our GDPR policy statement here.

When you have a paid subscription to OneDesk, credit card processing is performed by Stripe, a third-party online payment processing business. OneDesk never records any credit card information. This ensures compliance with the Payment Card Industry Data Security Standard (PCI DSS). You can learn more about Stripe’s security measures here.

View our full Terms & Conditions here.

All OneDesk employees are required to sign Non-Disclosure and confidentiality agreements.

OneDesk is HIPAA compliant and HIPAA-enabled accounts are available on our enterprise plan. These accounts include the signed Business Associate Agreement (BAA). To request the BAA, please fill in a quote for HIPAA here.
