April 26, 2016

Security

 

Clouds

 

Have any questions?

Would you like a copy of our Independent Security Audit?

Call us today (949) 387-5400

or send us an email at Info@Secure-Dock.com.

Security Features

Encryption

  • AES (Advances Encryption Standard) 256 bit – Highest Level Available
  • Encryption of data at rest, pending distribution and through distribution
  • Extended Validation Certificate SSL (Secure Socket Layer)

Access Restrictions

  • Username (unique and case sensitive)
  • Password requirements (character and case sensitive)
  • CAPTCHA image code to protect against automated ‘brute force’ attacks (Completely Automated Public Touring Test to tell Computers and Humans Apart)

Document Distribution

SecureDock’s unique document distribution process leverages secure “link” transmission and AES document encryption. Our process removes the typical exposure that occurs when documents are distributed via standard email. Using point-to-point encryption, documents remain encrypted pending distribution and through distribution.

Hosting

  • Hosted at an international hosting facility with a global infrastructure
  • Data center specifications restrict access to only data center specialists.
  • SecureDock utilizes multiple private dedicated servers for our application, data and backup servers
  • UPS (Uninterruptible Power Supply) for all servers
  • N+1 redundant UPS power subsystem
  • Tier One (1) Internet connectivity; 8 ISP providers
  • All data is backed up utilizing a five (5) point best practices program
  • Disaster recovery plan in place to protect against all natural disasters

Security Standards and Compliance

Protection of information held in SecureDock is of utmost importance. The information stored is not only important, but personal and private. We are in the business of data security.

Please see below the steps SecureDock incorporates to keep all our client’s documents safe and for their eyes only.

Encryption

  • All information entered into the application is encrypted to the highest level available – 256-bit Advanced Encryption Standard (AES). The information is encrypted at upload, stays encrypted as long as it is stored on the application, and is only unencrypted at downloaded. At SecureDock, your information is encrypted desktop to desktop.

Usernames and Strong Passwords

  • Both are required to log into the Client Virtual Safe and Medical Passport. Each client has sole possession of their password which can be changed, as desired, on the site’s Docking Port.

CAPTCHA – Stopping Unauthorized Entry

  • In addition to the username and password, at the Client Login, the client will enter a CAPTCHA image. CAPTCHA – Complete Automated Public Turing Test to Tell Computers and Humans Apart. A human must view the image and re-enter it into a data field. This will prohibit a computer generated entry.

Hosting Facilities

The SecureDock application and stored data are hosted at a top ranked hosting facility.

  • The hosting company is a 24/7/365 facility; nine (9) data centers, six (6) in the United States and three (3) internationally, with qualified technicians in multiple geographically redundant locations.
  • The facility itself incorporates the highest level of security; only company certified data center specialists are allowed onto the server/production floor.
  • Internet Carriers: The hosting facility provides eight (8) ISP tier 1 providers with redundancy between providers.
  • SecureDock has entered into a full-service contract incorporating private, dedicated servers for our application. This is a significant difference from most cloud data storage systems.
  • SecureDock incorporates daily and weekly full differential backups through a five (5) point best practices program.
  • SecureDock has incorporated a disaster recovery plan which insures against any and all natural disasters.

Compliance

  • PCI
    All SecureDock personal and credit card information stored on the system is compliant with the Payment Card Industry Data Security Standard (PCI DSS).
  • SSAE (SAS70)
    All SecureDock hosting facilities procedures are in compliance with the SSAE Type 1 and Type 11 guidelines as it pertains to information technology and related processes.
  • HIPAA
    The SecureDock application is HIPAA compliant.
  • ENSVA-WAS
    SecureDock has on file a current External Network Security Vulnerability Assessment and Web Application Security (ENSVA-WAS) report. ENSVA-WAS awarded SecureDock its best and highest security rating.

Privacy Policy