Certified tried and true security

Experience security you can trust with OnAccount.

Data where it belongs; never where it doesn't

With OnAccount, you'll find comprehensive control of permissions so that people across your team can find centralised financial and operational data.

As a part of Sandfield, an ISO27001 certified organization, we adhere to a comprehensive set of practices and policies to protect your data. This means our security measures are constantly updated to meet industry standards and to respond to evolving threats.

Your data is safe with OnAccount.

Application Security

OnAccount leverages Sandfield's stringent security measures in all web applications, APIs, data exchanges, and integrations. We use encrypted communication, industry-standard authentication, and secure data exchange options including SSH tunnels and SSL/TLS encryption. Our integrations operate with minimal permissions, accessing only the necessary data.

Secure Environment

Our servers are hosted on Amazon Web Services (AWS), a platform with robust physical and virtualized computing environments assurances, including SOC 1, 2, 3, and ISO/IEC 27001 certifications. We operate within an Amazon Virtual Private Cloud (VPC) that maintains segregated subnets based on security levels and configured firewalls to restrict network access.

Proactive Practices

Our staff undergo regular training to maintain data safety, and they strictly follow our data protection policies. We actively monitor application logs, system logs, and data access logs for any unusual behaviour, with real-time alerts based on these monitors. All staff are background checked, and any non-essential data is removed after 90 days.


A shared responsibility

While we constantly work to uphold high security standards, it's a shared responsibility to ensure the security of your data. 
As a data connectivity tool, OnAccount connects with several organisations; each responsible for their data security.

Compliance and Regulations

We follow strict compliance with international standards and regulations:

  • ISO 27001: Our independent audits and certifications reassure that we uphold trusted security principles. For more details, download our ISO 27001 certificate.

  • GDPR: We comply with the European Union’s General Data Protection Regulation (GDPR), ensuring data protection and privacy for all individuals citizens of the European Union and the European Economic Area.


Incident Response

In case of an unlikely security incident, our trained response teams are ready to:

  • Respond promptly to alerts of potential incidents.
  • Determine the incident's severity.
  • Analyze and assess the extent of the incident.
  • Execute mitigation and containment measures, if necessary.
  • Communicate with relevant internal and external stakeholders, including notifying affected customers.
  • Gather and preserve evidence for further investigation.



See how OnAccount, as a part of Sandfield, upholds stringent security standards.