The ProntoForms SaaS security journey


Mobile app solutions are a key player in the shifting tech-enabled field service ecosystem. Despite the agility and optimization that come with switching to digital processes, many field service organizations perceive moving from paper to digital solutions as a relinquishing of data security. What’s preventing someone, anyone, from accessing, using, and disclosing sensitive ePHI or PII data online?

In order to provide enterprise-grade data collection in the field, ProntoForms takes the protection of data seriously. That’s why we actively and continuously seek validation of our security protocols on several fronts. Since our humble beginnings, ProntoForms has made security part of our DNA with a security and compliance journey to match.

HIPAA Certification

Our first milestone, achieved in 2017 and upheld since, certifies that the applications we release on the Salesforce AppExchange meet industry best security standards. This was followed in 2018 by a successful audit for compliance with the HIPAA Security Rule, conducted by third-party security auditing specialist KirkpatrickPrice. The Health Insurance Portability and Accountability Act (HIPAA), passed in 1996, set a national standard to protect medical records and other personal health information (PHI). As an app solution for enterprises including medical device and life science institutions, we recognize our responsibility in reducing organizational risks associated with data security. ProntoForms assures the confidentiality, integrity, and availability of electronic protected health information by upholding HIPAA certification standards that measure the effectiveness of our administrative, technical, and physical security.

SOC 2 Type 1 & SOC 2 Type 2 Certification

That same year, ProntoForms took another step down the Service Organization Controls (SOC) certification path. Our journey led to a successful SOC 2 Type 1 audit that verified our internal control designs meet the Trust Services Criteria. In March of 2019, ProntoForms successfully earned SOC 2 Type 2 compliance, verifying the operating effectiveness and reliability of these controls over an extended (18-month) period of time.

This significant milestone in ProntoForms' compliance journey reiterated our dedication to the protection of data.

“Achieving compliance with the HIPAA Security Rule and receiving a SOC 2 Type II attestation is a great accomplishment for ProntoForms – especially when you consider the Trust Services Criteria that were included in the SOC 2 Type II audit. This commitment to compliance should provide clients with assurance that ProntoForms is handling data in a secure, reliable way,” said Joseph Kirkpatrick, President of KirkpatrickPrice.

Our journey, though, doesn’t end with SOC 2 Type 2 certification. A key and ongoing component of SOC 2 Type 2 certification involves employees at ProntoForms, from physical security in the office to acting as a human firewall against phishing attacks.

Phishing is big cybercrime business. It comes in targeted variants: phone, email, SMS text messages, fraudulent web pages, and misleading links. Part of our security compliance journey has involved ongoing phishing testing. Simulated phishing attacks are overseen, monitored, and addressed by KirkpatrickPrice. When ProntoForms first started on its phishing journey in November 2016, the baseline test had a 45.7% failure rate. At the time of writing, our phishing email failure rate has dropped sharply to a sustained 2.5%, with 71% of failures attributed to false emails from HR.

FDA Title 21 CFR Part 11 Certification

We recently extended the scope of our security compliance audits to include FDA Title 21 CFR Part 11. This regulation, issued by the US FDA, sets out security criteria for Electronic Records and Electronic Signatures (ERES) captured on electronic documents.

Obtaining Part 11 compliance augments our already very strong HIPAA and SOC 2 Type 2 compliance story. It demonstrates that we’re committed to growing our compliance footprint and that we take the security of sensitive data collected in the field very seriously. When working with compliance-sensitive companies, like biotech, pharma, healthcare, and medical device organizations, this is imperative.

When we set out on our SaaS security journey a few years back, we faced a blank slate of unknowns. We began working in manageable chunks and now, after a lot of hard work and internal training, security has become an integral part of ProntoForms’ DNA. In 2020 and beyond, we’ll pursue ongoing compliance certifications driven by the compliance needs of the industries we serve.

TrueContext Editorial Team
