Ondox Security & Compliance Overview (North America)

Last Revised: 13 March, 2026

Security & Technical Controls

Enterprise-Grade Security, Built Into Every Layer

Ondox Limited provides a secure digital mailroom and AI-driven document processing platform built for document-intensive organisations that require reliability, compliance, and full operational control.

Security is embedded into every layer of our architecture — from cloud infrastructure and encryption to access management and application design — ensuring sensitive information remains protected at all times across document workflows.

This overview applies to our North American cloud environment hosted at:
https://na.ondox.ai

Secure Cloud Infrastructure

Ondox is hosted on Microsoft Azure in the US East 2 and Central regions, leveraging enterprise-grade infrastructure and globally recognised security standards.

Our infrastructure includes:

  • Multi-layered firewall protection
  • DDoS mitigation and intrusion detection systems
  • High-availability architecture with replication and redundancy
  • Automated security patching with monitoring and alerting
  • Advanced threat detection and malware protection

We remove single points of failure and continuously monitor for security anomalies.

Encryption & Data Protection

Customer data remains protected at every stage of its lifecycle.

  • Data at Rest: Encrypted using AES-256
  • Data in Transit: Encrypted using TLS 1.3
  • Dedicated and segregated customer databases
  • Encryption keys managed securely within Azure Key Vault
  • Optional Canadian data residency for data at rest

Customer environments are logically segregated. Ondox does not co-mingle customer data.

Access & Identity Management

Access to the Ondox platform is governed by strict identity and role-based controls.

  • Multi-Factor Authentication (MFA) for administrative access
  • Role-Based Access Control (RBAC) aligned to least-privilege principles
  • Single Sign-On (SSO) and OAuth 2.0 integration
  • Optional IP whitelisting for controlled login access

Users only access the data and functionality necessary for their role.

Secure Software Development

Security is integrated throughout the development lifecycle.

  • Automated static code analysis using Veracode
  • Secure coding practices aligned to OWASP Top 10
  • Ongoing vulnerability management and remediation
  • Regular independent penetration testing by a CREST-certified provider

Security testing is continuous, not periodic.

Compliance & Certifications

Ondox aligns with recognised international security and privacy standards. These include:

  • ISO 27001
  • SOC 2 Type II
  • Cyber Essentials
  • CCPA compliance for North American data protection

Compliance documentation and security reports are available upon request.

Monitoring, Logging & Auditability

Full transparency is central to how Ondox operates.

  • Comprehensive security logging
  • Continuous 24/7 monitoring
  • Log retention aligned with compliance requirements
  • Full document lifecycle audit trails

All document activity is traceable and reviewable.

Availability & Business Continuity

Ondox is designed for operational resilience.

  • 99.9%+ uptime SLA
  • Automated backups
  • Geographically redundant disaster recovery
  • Azure-based replication for high availability

Business continuity planning is embedded into our cloud architecture.

Incident Response & Responsible Disclosure

Ondox maintains a formal Incident Response Plan aligned to ISO 27001 and SOC 2 Type II frameworks.

All security incidents are:

  • Promptly investigated
  • Escalated to appropriate security leadership
  • Managed through structured remediation processes
  • Communicated transparently to affected parties
  • Documented with root cause analysis and corrective actions

Where required, regulatory notifications are completed in accordance with applicable legislation.

Confidential security concerns may be reported to:
whistleblowing@ondox.ai

Security Designed for Control

Ondox is built for organisations that require:

  • Secure document handling
  • Controlled access
  • Clear governance
  • Full auditability
  • Enterprise-grade reliability

Security is not an add-on. It is foundational to how the platform operates.
