top of page
iStock-1299661547.jpg

Trust & Security

PDF

OnCue SDLC

Last updated 4/15/23

PDF

Basic Start Guide

An information must-read for all new users

PDF

OnCue Accessibility Conformance Report

​Revised Section 508 Edition
(Based on VPAT Version 2.4Rev)

PDF

OnCue EULA

Our End User License Agreement

​Trust begins with transparency.  Below you will find current information on OnCue security and compliance.

Security


Security Policies
Our security policies, controls, and standards cover a wide range of areas to include information security, incident response, access control, physical security, network security, vulnerability management, software/systems development life cycle, secure development, change management, vendor management, disaster recovery and business continuity. ​

Access Control
OnCue uses role-based access control (RBAC) and an identity management system to identify, authenticate, and validate access to systems or resources. Multi-factor authentication is required to access core systems.

Encryption
Data is transferred securely using Transport Layer Security (TLS) with 128-bit or higher Advanced Encryption Standard (AES) encryption. Data is also stored securely at rest with AES-256-bit encryption.

Vulnerability Management
OnCue performs regular application security vulnerability testing by internal security staff researchers/specialists.

Change Control
OnCue maintains systems development life cycle (SDLC) policies and procedures to guide in the documentation and implementation of application and infrastructure changes, in addition to maintaining industry standard best practices. Change control includes change requests, initiation process, documentation requirements, development practices, quality assurance, testing requirements and required approval procedures. Version control maintains a history of code changes to track changes and to support rollback capabilities, if needed.


Compliance


OnCue has its systems, people, processes and controls certified and assessed through regular independent third-party audits.

American Institute of Certified Public Accountants (AICPA)
Service Organization Controls (SOC) reports are designed to help build trust and confidence in the services performed and controls of a service organization. A SOC2 Type II report provides detailed information about the suitability of the design of controls and an independent auditor’s assurance opinion on the operating effectiveness of the controls. Our SOC2 Type II examination report is available upon request by contacting our support team.

soc2logo.png
bottom of page