DocDep Security

Security measures are our number one priority

From system architecture to data storage, we make sure that all your materials are readily accessible, securely shared, and completely backed-up.

You won’t have to worry ever again about file corruption or physical loss. We’ve got you covered.

We follow US DOD standards for data storage

256-bit digital certificates for network and storage encryption

SSAE16 SOC2 compliant (replaced SAS70)

Hardened, secure data centers are monitored 24 x 7 x 365

Replication of data to a secure data center; secondary server in separate geographical location.

 

Here's how we do it...

System Architecture

DocDep's applications make use of a mature set of Lotus Domino security protocols to ensure that data is safeguarded at each the following levels: server, database, view, document, and individual fields. By ensuring security at each level, we are able to segregate data and resist url spoofing and other potential user infringement.

256-Bit Encryption

The 256-bit encryption is the largest advanced encryption standard used both in the US and worldwide.

US DOD 5012

Designed by the U.S. Department of Defense and used by all federal agencies, this security standard outlines what the government requires of any programs or software it would use to store electronic records. It addresses required system interfaces and search criteria that these programs must support and describes the minimum requirements that these services must meet based on regulations issued by the National Archives.

SSAE16 SOC 2

SAS 70 (Statement on Auditing Standards No. 70) has been around for nearly 20 years. First released in 1992, it has been the gold standard for data center users to assure that their data center is secure and operating under proper control systems. The problem with the SAS 70 standard according to the American Institute of CPAs (AICPA) is that SAS 70 was never designed to be used by service organizations that offer colocation, managed servers or cloud hosting services in this manner. It was focused on internal controls over financial reporting.

SSAE 16 (Statements on Standards for Attestation Engagements No. 16) is the next generation of AICPA standards for reporting on controls at service organizations (including data centers) in the United States. SSAE 16 goes beyond SAS 70 by requiring the auditor to obtain a written assertion from management regarding the design and operating effectiveness of the controls being reviewed. SSAE 16 also provides better alignment with the international audit standard ISAE 3402.

SOC 2 provides much more stringent audit requirements with a stronger set of controls and requirements specifically designed around data center service organizations. SOC 2 provides a standard benchmark by which two data center audits can be compared against the same set of criteria. In contrast to an SSAE-16 engagement, where the data center operator defines the criteria for an audit, the SOC 2 Report uses specifically pre-defined control criteria related to 1) security, 2) availability, 3) processing integrity, 4) confidentiality or 5) privacy of a system and its information.

ISO 27001

An information security management systems standard that certifies an organization has thoroughly evaluated its security risks and vulnerabilities, designed and implemented a comprehensive package of security controls and has adopted an overarching management process to continually monitor and update security standards. Subject to audits and third party certification, the ISO 27001 confirms DocDep management’s commitment to information security.