Security Overview

At OrNsoft, security is our number one priority. We have taken comprehensive steps to guarantee that your messages, actions, and files are secure inside the OrNsoft applications including AdminCore. This standard for security is true across our application, user, network, data center, and network layers.

We are SOC2 self-certified.

Download our full security white paper here.

Application Security

• Validated access control – OrNsoft uses industry-leading password and authentication techniques to validate access to all data based on a user’s privileges. Unauthorized access will cause an error and send flagged reports to our security team. Repeated unauthorized attempts are rate-limited and blocked after a short threshold.
• Progressive user authentication – OrNsoft employs rigorous user authentication which is used with every request to the application. Every network request in OrNsoft is only allowed after the system confirms that the user is who they claim they are and has the privileges to perform the action.
• User request tracking – The OrNsoft security team maintains audit logs of all actions performed on behalf of every user. Any irregularities are flagged and alert our security team immediately by email, SMS, and push notifications. In the case of an irregularity, OrNsoft defaults to rate-limiting and blocking of requests.

User Security

• Company security model – OrNsoft uses separate Company ID as a hierarchy to keep all messages, groups, actions, and files private for your organization. Any attempted access by a user not identified as a member of an organization’s workspace is flagged, requests are blocked and reported to our security team.
• Restricting Access – AdminCore Company IDs are not public or discoverable by new users unless the Company administrator provides access.
• Expiring links – OrNsoft uses strict URI expiration so that any resources exposed by the application expire after 60 minutes and are only refreshed just in time for authenticated user access.

Network Security

• Across the board SSL security – OrNsoft forces 256-bit Secured Socket Layer security at every network entry-point to encrypt data between the end user and AdminCore. All data transferred between AdminCore users, servers and the internet interchange securely.
• AdminCore Application is not indexed by Search Engines – OrNsoft disallows indexing of all application information by search engines or robots. This means no external random internet access of your workspaces, groups, messages, actions, and files. All data structures are encrypted before being sent to our servers and encoded once they arrive.

Data Center & Hosting Security

• Physical Access Control – OrNsoft hosts its servers at multiple geographically separated, enterprise-grade data centers. All data is stored and encoded on a secure internal storage cluster behind an enterprise-grade firewall. We store local snapshots of data and we backup all data hourly.
• Assurance and Accreditation – All OrNsoft hosting is ISO 27001 accredited. We have developed a security assurance program using global privacy and data protection best practices in order to help customers establish, operate and leverage our security control environment.
• Fault Tolerance – Our data storage cluster provides N+1 fault tolerance; single node faults still maintain 100% data integrity.

Security Vulnerability Disclosure Program

OrNsoft maintains a Vulnerability Disclosure Program (VDP) which security vulnerabilities and bugs related to AdminCore web application (app.admincore.com), mobile application, and desktop application can be submitted. The OrNsoft security team pays bounties for reports based on level of severity. To report a vulnerability, please submit this form with a description of the vulnerability and, if possible, clear steps to reproduce.