Créez un compte étudiantOnshape Security Practices
Our comprehensive approach to privacy, data, and intellectual property security
Our comprehensive approach to privacy, data, and intellectual property security
Why is Security & Privacy our #1 Priority?
As a cloud-native solution, security, trust, and reliability are imperative to our success. Onshape has an internet-based infrastructure, so we prioritize security by enforcing robust measures. This includes end-to-end encryption, continuous monitoring, and regular compliance checks with industry standards. Our security framework is meticulously crafted to protect data at every stage of product design and collaboration. We ensure that your work stays secure, private, and accessible solely to authorized personnel. This allows you to concentrate on what truly matters: designing and building exceptional products.
Principales fonctions
Sharing
With Onshape's permission settings, users have complete control over who can edit, view, and/or share their data, ensuring intellectual property integrity. Onshape keeps your data safe while by facilitating seamless, file-free collaboration by making use of URL/hyperlink based sharing. This cloud approach to sharing data improves workflow efficiency while protecting intellectual property. Documents are kept on secure servers, and permissions can be adjusted or revoked instantly.
External Audits
Onshape completes a SOC 2, Type 2 audit annually, which certifies compliance with the American Institute of Certified Public Accountants (AICPA) SOC 2 Trust Services Criteria requirements. This delves into security policies, communication protocols, software design, data access controls, risk mitigation strategies, and more. This is a rigorous external audit that assesses whether a company's systems and processes are properly designed and adhered to.
A copy of Onshape’s SOC 2 report is available under NDA.
PCI Security Standards
Onshape uses a third-party payment processor to handle transactions securely. Credit card details are encrypted and sent directly to the processor from your device, bypassing Onshape’s servers. This ensures your sensitive financial information is not stored by Onshape. The processor adheres to PCI standards, helping maintain payment security and compliance.
Communications Security
Onshape prioritizes security for all online interactions by mandating HTTPS across our public website, community forums, and other services. Comprehensive audits on SSL/TLS configurations, including certificate validation, issuing authorities, and cipher suites, are regularly conducted. Automated tools continuously assess our servers for vulnerabilities, and HSTS is employed to guarantee browser interactions occur strictly over secure connections.
Encryption
Onshape encrypts all documents with AES-256 and utilizes TLS v1.2 for all communications between your web client or mobile device and our servers. We block weak cipher suites while prioritizing the strongest available for secure, robust client-service interactions.
Un gouvernement en forme
Onshape Government is a secure, cloud-native CAD and PDM solution tailored for U.S. government agencies, defense contractors, and organizations working with sensitive or regulated projects. Built on AWS GovCloud, Onshape Government helps customers meet ITAR and EAR compliance requirements.
Additional Information
Onshape's Enterprise Security
This infographic overviews Onshape’s Enterprise plan features for scalable access in addition to its security policies and practices.