At OnlinePajak, we take security seriously

We ensure the confidentiality, availability, and integrity of your data with industry best practices, as we operate in data centers that have been certified as ISO 27001, PCI/DSS Service Provider Level 1.

We are using a modern framework for developing our applications that address some of the common security threats out-of-the-box. We also do code review and automatic scan for any security vulnerabilities before we merge the code and release it to production.

We maintain a globally distributed security team that is on call 24/7 to respond to security alerts. Through network vulnerability scanning, the use of intrusion detection and intrusion prevention systems, and by participating in several Threat Intelligence Programs, we keep a continuous watch on the security of our customers’ data.

We maintain a disaster recovery program to ensure services remain available or are easily recoverable in the case of a disaster. Customers can remain up-to-date on availability issues through a publicly available status website covering scheduled maintenance and service incident history.

Communications between customer and OnlinePajak servers are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks. Our customers can benefit from the protection provided by encryption at rest for their primary and secondary DR data stores and storage of attachments.

We make it seamless for customers to manage access and sharing policies with authentication and single-sign on (SSO) options. We also provide for 2-factor authentication and IP restrictions to enable partners to determine who can access their services.

We implement security best practices, in addition to what AWS, Alicloud, etc, already provide, to meet not just industry-based compliance, but the most stringent requirements.