SECURITY OVERVIEW

Security practices built for trust.

COI DASH, operated by OneSpring LLC, is intended for teams that handle vendor onboarding, insurance records, and operational risk. This page outlines the general controls and processes we use to protect platform data, support availability, and respond to security concerns. It is written as a public-facing overview rather than a formal security exhibit or contractual commitment, and our specific practices may evolve over time.

Encryption in transit and at rest Access controls and auditability Security contact: security@coidash.com

Least-privilege access

Administrative access is limited based on job function, approved business need, and environment-specific permission boundaries.

Protected data paths

We use encryption, secure transport, logging, and operational controls designed to reduce unauthorized access to customer and vendor data.

Operational readiness

We monitor production systems, review incidents, and maintain response processes intended to contain issues and restore service promptly.

Security program

COI DASH is operated by OneSpring LLC, a Georgia limited liability company (“OneSpring,” “we,” or “us”). We maintain a security program designed around confidentiality, integrity, and availability. Our internal practices are intended to cover secure configuration, employee awareness, vendor reviews, environment management, and change controls appropriate for a cloud-based B2B SaaS product handling operational compliance data.

Access management

We restrict access to systems and data based on role and operational need. Administrative actions are limited to authorized personnel, and access is reviewed periodically. We aim to use strong authentication practices, environment separation, and auditable workflows for changes that affect sensitive systems or production data.

Data protection controls

COI DASH is built to protect data throughout its lifecycle. Common controls may include:

  • Encryption of data in transit using modern transport security.
  • Encryption of stored data and secured storage layers for platform records and uploads.
  • Logical segregation of customer data within the application.
  • Audit logging for important account, review, and administrative events.
  • Backups and controlled restoration procedures for critical platform data.

Monitoring and incident response

We monitor platform health, application behavior, and security-relevant events to identify potential issues and unusual activity. When a suspected security incident is identified, we investigate, contain, remediate, and document the event. Where required by law or contract, affected customers are notified through the appropriate communication channels.

Infrastructure and third-party vendors

We rely on trusted third-party infrastructure and service providers to host, operate, and support parts of the COI DASH service. We seek to evaluate these providers for security fit, and we use contractual or operational safeguards intended to support appropriate handling of customer information. The COI DASH service is hosted in the United States.

Availability and resilience

We design the platform to support continuity through redundancy, backup practices, monitoring, and operational runbooks. While no system can guarantee uninterrupted availability, we aim to reduce downtime risk, detect failures quickly, and recover from service disruptions in a controlled manner.

Your responsibilities

Security is a shared responsibility. We work to protect the platform, and customers are responsible for how they configure and use it. This includes managing their own users and roles, keeping account credentials confidential, enabling available security features, reviewing access periodically, and promptly reporting any suspected compromise.

Customers are also responsible for the accuracy and compliance of the records they manage in COI DASH. The platform helps organize and review Certificates of Insurance, but it does not replace your own review — you remain responsible for confirming that a certificate or vendor actually meets your requirements before relying on it.

Important notice

This page describes our general security practices and is provided for informational purposes only. It is not a warranty, guarantee, or contractual commitment, and it does not create security or service-level obligations beyond those set out in a signed agreement between you and OneSpring. If a signed agreement or data processing addendum addresses security, that agreement controls.

No system, and no method of transmission or storage, is completely secure. We cannot guarantee that the service will be free from unauthorized access, vulnerabilities, or data loss, and the practices described here may change as the product and the threat landscape evolve.

Reporting vulnerabilities or concerns

If you believe you have found a security issue, vulnerability, or suspected misuse involving COI DASH, contact security@coidash.com. Please include relevant details, affected URLs or workflows, timestamps, and any supporting evidence so the issue can be reviewed efficiently.

We appreciate good-faith security research. If you report an issue responsibly, give us reasonable time to investigate and remediate before disclosing it publicly, and avoid accessing or altering data that is not yours, we will not pursue legal action against you for that research. Please do not perform testing that degrades, disrupts, or harms the service or other users.