Téléchargez l'application mobile Onshape

IOS Android

Onshape Security Practices

Our comprehensive approach to privacy, data, and intellectual property security

Why is Security & Privacy our #1 Priority?

As a cloud-native solution, security, trust, and reliability are imperative to our success. Onshape has an internet-based infrastructure, so we prioritize security by enforcing robust measures. This includes end-to-end encryption, continuous monitoring, and regular compliance checks with industry standards. Our security framework is meticulously crafted to protect data at every stage of product design and collaboration. We ensure that your work stays secure, private, and accessible solely to authorized personnel. This allows you to concentrate on what truly matters: designing and building exceptional products.

Principales fonctions

Sharing

With Onshape's permission settings, users have complete control over who can edit, view, and/or share their data, ensuring intellectual property integrity. Onshape keeps your data safe while by facilitating seamless, file-free collaboration by making use of URL/hyperlink based sharing. This cloud approach to sharing data improves workflow efficiency while protecting intellectual property. Documents are kept on secure servers, and permissions can be adjusted or revoked instantly.

share icon

External Audits

Onshape completes a SOC 2, Type 2 audit annually, which certifies compliance with the American Institute of Certified Public Accountants (AICPA) SOC 2 Trust Services Criteria requirements. This delves into security policies, communication protocols, software design, data access controls, risk mitigation strategies, and more. This is a rigorous external audit that assesses whether a company's systems and processes are properly designed and adhered to.

A copy of Onshape’s SOC 2 report is available under NDA.

icon of padlock

PCI Security Standards

Onshape uses a third-party payment processor to handle transactions securely. Credit card details are encrypted and sent directly to the processor from your device, bypassing Onshape’s servers. This ensures your sensitive financial information is not stored by Onshape. The processor adheres to PCI standards, helping maintain payment security and compliance.

icône du signe du dollar dans un cercle gris

Communications Security

Onshape prioritizes security for all online interactions by mandating HTTPS across our public website, community forums, and other services. Comprehensive audits on SSL/TLS configurations, including certificate validation, issuing authorities, and cipher suites, are regularly conducted. Automated tools continuously assess our servers for vulnerabilities, and HSTS is employed to guarantee browser interactions occur strictly over secure connections.

icon of 3 laptop screen

Encryption

Onshape encrypts all documents with AES-256 and utilizes TLS v1.2 for all communications between your web client or mobile device and our servers. We block weak cipher suites while prioritizing the strongest available for secure, robust client-service interactions.

icon of key

Un gouvernement en forme

Onshape Government is a secure, cloud-native CAD and PDM solution tailored for U.S. government agencies, defense contractors, and organizations working with sensitive or regulated projects. Built on AWS GovCloud, Onshape Government helps customers meet ITAR and EAR compliance requirements.

icon of laptop with green checkmarks

Additional Information

Onshape's Enterprise Security

This infographic overviews Onshape’s Enterprise plan features for scalable access in addition to its security policies and practices.