Critical Information Secure at Every Data State
Designers made OnBase to be one of the most secure enterprise information platforms on the market. In fact, our dedication to security gives our government organizations peace of mind in the confidentiality, integrity, and availability of their data. For example, you can deploy the OnBase platform in a DoD 5015.2 environment for records. Additionally, it supports two- factor authentication like Common Access Card (CAC), PIV authentication and can be deployed in a FIPS 140-2 compliant manner.
From inception through release and beyond, security is a priority when it comes to OnBase. Hyland employs a dedicated application security team. It has the responsibility of carrying out advanced security practices on the software. It also must training and consulting company-wide on security-related matters. Together, these practices ensure that government information is secure at every data state: at rest, in transit and in use. Together, these practices ensure that customers’ critical information is secure at every data state. This includes at rest, in transit and in use.
Security Throughout Product Development
Hyland considers application security in every step of the product development. This includes research, development, design and support. Hyland’s development process is informed by a security lifecycle program that was started by Microsoft, influenced by best practices and customized for Hyland. It integrates security into each development phase.
Throughout the development process, built-in ‘gates’ require the security team to sign off on development before the next phase can begin. Additionally, the last gate is directly before launch.
Threat modeling and risk assessments are performed throughout the entire process. As a result, this allows the team to proactively identify and address any potential issues.
Support Through Launch and Beyond
Hyland considers the post-launch phase to be an essential element of the product lifecycle. It continues to provide support by proactively monitoring, identifying and remediating any security concerns that may arise after OnBase is launched.