Secure Forms, SSL, & Other Form Security Answers
Form security is a constant topic at Formsite and a daily source of questions. Regardless of the type or amount of information being collected, secure forms are provided to every account at every service level.
The most common questions we receive about secure forms include:
- How do I know if I have secure forms?
- Are embedded forms secure?
- What is ‘Security Compliance’?
- Who needs HIPAA-compliance?
How do I know if I have secure forms?
Websites are secured by using an SSL certificate, and the connection is secured when that security certificate is used to create your connection. The main visual attributes that indicate secure forms are:
Secure | Non-secure |
---|---|
Starts with ‘https’ | Does not start with ‘https’ |
Browser displays a lock | Browser displays no lock |
All Formsite form links are provided using the secure ‘https’ link prefix for all forms and service levels. By default, forms are also accessible with the non-secure ‘http’ prefix.
Are embedded forms secure?
The embed code inserts an iframe ‘window’ in the host site and displays the form through the window. The default embed code uses the ‘https’ address for secure forms, and continues to protect the information entered into forms regardless of whether the host site is secure or non-secure.
In other words, if the embedded form uses ‘https’ then yes, the form is secure.
Do I need an SSL certificate?
The SSL certificate is the security method used to protect the connection and is what makes Formsite forms secure. Since all Formsite forms are protected with Formsite’s SSL certificate, no, the embedding site does not need an additional SSL certificate.
Can I use a different site’s SSL certificate?
The embedding site can use a SSL certificate to secure the host site, but it’s not possible to use a custom SSL certificate with Formsite forms.
What is ‘Security Compliance’?
The detailed pricing page shows that Pro 3 and higher service levels have the ‘Security Compliance’ settings. These features include the ability to use two-factor authentication to further protect the main account and Sub-user accounts, and the application of the 99.9% Service Level Agreement.
Who needs HIPAA-compliance?
The HIPAA features are provided at the Enterprise service level after the BAA has been completed by both organizations and enabled in the Formsite account. HIPAA is a healthcare-oriented program to provide enhanced protection for personal healthcare information, and is typically needed by organizations that collect protected information.
For more information about our HIPAA services, visit our HIPAA compliant forms page.