Security Measures Are Our Number One Priority
From system architecture to data storage, we make sure that all your materials are readily accessible, securely shared, and completely backed up. You will never have to worry again about file corruption or physical loss. We have got you covered.
We follow US DOD standards for data storage
256-bit digital certificates for network and storage encryption
SSAE16 SOC2 compliant (replaced SAS70)
Hardened, secure data centers are monitored 24 x 7 x 365
Replication of data to a secure data center; secondary server in separate geographical location
Here's how we do it...
DocDep's applications make use of a mature set of Lotus Domino security protocols to
ensure that data is safeguarded at each of the following levels:
server, database, view, document, and individual fields. By ensuring
security at each level, we are able to segregate data and resist URL
spoofing and other potential user infringement.
Designed by the U.S. Department of Defense and
used by all federal agencies, this security standard outlines what
the government requires of any programs or software it would use to
store electronic records. It addresses required system interfaces and
search criteria that these programs must support and describes the
minimum requirements that these services must meet based on regulations
issued by the National Archives.
An information security management systems standard
that certifies an organization has thoroughly evaluated its security
risks and vulnerabilities, designed and implemented a comprehensive
package of security controls, and adopted an overarching management
process to continually monitor and update security standards. Subject to audits and third-party
certification, ISO 27001 confirms DocDep management’s
commitment to information security.
SAS 70 (Statement on Auditing Standards No. 70) has been around for nearly 20 years.
First released in 1992, it has been the gold standard for data center users to assure that their data center is secure
and operating under proper control systems. The problem with the SAS 70 standard, according to the American Institute
of CPAs (AICPA), is that SAS 70 was never designed to be used by service organizations that offer colocation,
managed servers or cloud hosting services in this manner. It was focused on internal controls over financial reporting.
SSAE 16 (Statements on Standards for Attestation Engagements No. 16) is the next generation of AICPA standards for reporting on controls at service organizations (including data centers) in the United States. SSAE 16 goes beyond SAS 70 by requiring the auditor to obtain a written assertion from management regarding the design and operating effectiveness of the controls being reviewed. SSAE 16 also provides better alignment with the international audit standard ISAE 3402.
SOC 2 provides much more stringent audit requirements with a stronger set of controls and requirements specifically designed around data center service organizations. SOC 2 provides a standard benchmark by which two data center audits can be compared against the same set of criteria. In contrast to an SSAE 16 engagement, where the data center operator defines the criteria for an audit, the SOC 2 Report uses specifically pre-defined control criteria related to 1) security, 2) availability, 3) processing integrity, 4) confidentiality or 5) privacy of a system and its information.
256-bit encryption uses the largest key size of the Advanced Encryption Standard (AES), which is used both in the US and worldwide.