Last Updated: August 2017
Have any questions?
Would you like a copy of our Independent Security Audit?
Call us today (949) 387-5400
or send us an email at Info@Secure-Dock.com
- AES (Advanced Encryption Standard) 256 bit – Highest Level Available
- Encryption of data at rest, pending distribution and while in transit.
- Extended Validation Certificate SSL (Secure Socket Layer)
- TLS (Transport Layer Security) version 1.0 or higher
- Unique username
- Strong password requirements (character and case sensitive)
- reCAPTCHA protects against automated ‘brute force’ attacks (Completely Automated Public Touring Test to tell Computers and Humans Apart)
Secure File Transfer
SecureDock’s unique file transfer process leverages Secure “link” Transmission and AES document encryption. Our process removes the typical exposure that occurs when documents are distributed via standard email. Using point-to-point encryption, documents remain encrypted at rest, pending distribution, and through distribution.
SecureDock utilizes a series of email authentication/validation methods designed to ensure the successful delivery of email notifications sent via the SecureDock web application, as well as preventing unauthorized sending of emails from illegitimate parties.
Authentication Methods Include:
- SPF – (Sender Policy Framework)
- DKIM – (DomainKeys Identified Mail)
- DMARC – (Domain-based Message Authentication, Reporting & Conformance)
Server Specific Anti-Virus Protection
SecureDock leverages advanced anti-malware, anti-ransomware, and HIPS (Host-based Intrusion Prevention System) providing easy, centralized management of the security of all virtual servers on the cloud.
- Hosted at an international hosting facility with a global infrastructure.
- Data center specifications restrict access to only data center specialists.
- SecureDock utilizes multiple private dedicated servers for our application, data and backup servers.
- UPS (Uninterruptible Power Supply) for all servers.
- N+1 redundant UPS power subsystem.
- Tier One (1) Internet connectivity; 8 ISP providers.
- Disaster recovery plan in place to protect against all natural disasters.
Security Standards and Compliance
All information entered into the application is encrypted to the highest level available – 256-bit Advanced Encryption Standard (AES). The information is encrypted at upload, stays encrypted as long as it is stored on the application, and is only decrypted at download. At SecureDock, your information is encrypted at rest, pending distribution, and while in transit.
Usernames and Strong Passwords
Both are required to access the SecureDock Web-Application. Each individual user has sole possession of their own password which can be updated, if desired, from within the users account settings.
reCAPTCHA – Stopping Unauthorized Entry
In addition to unique username and strong password requirements, users will be required to complete a reCAPTCHA check box when logging into the SecureDock Web-Application. CAPTCHA (Complete Automated Public Turing Test) designed to establish that a computer user is human. A human must view and click on the reCAPTCHA checkbox, or, if asked, complete a CAPTCHA image quiz to verify that they are human. This will prohibit any computer/bot generated entry.
The SecureDock application and stored data are hosted at a top ranked hosting facility.
- The hosting company is a 24/7/365 facility; nine (9) data centers, six (computer/boted States and three (3) internationally, with qualified technicians in multiple geographically redundant locations.
- The facility itself incorporates the highest level of security; only company certified data center specialists are allowed onto the server/production floor.
- Internet Carriers: The hosting facility provides eight (8) ISP tier 1 providers with redundancy between providers.
- SecureDock has entered into a full-service contract incorporating private, dedicated servers for our application. This is a significant difference from most cloud data storage systems.
- SecureDock has incorporated a disaster recovery plan which insures against any and all natural disasters.
To stay protected against ever evolving threats, SecureDock regularly undergoes extensive vulnerability and penetration testing and has on file a current External Network Security Vulnerability Assessment and Web Application Security (ENSVA-WAS) report. Through the ENSVA-WAS process, SecureDock has been awarded its best and highest security rating.
- PCI DSS (Payment Card Industry Data Security Standard)
All SecureDock personal and credit card information stored on the system is compliant with the Payment Card Industry Data Security Standard (PCI DSS).
- SSAE / SAS70 (Statement on Standards for Attestation Engagements)
All SecureDock hosting facilities procedures are in compliance with the SSAE Type 1 and Type 11 guidelines as it pertains to information technology and related processes.
- HIPAA (Health Insurance Portability and Accountability)
In order to protect sensitive health information, the SecureDock Web-Application utilizes administrative, physical and technical safeguards, which fall into accordance with the U.S. Department of Health and Human Services.
- TRID (TILA / RESPA Integrated Disclosure)
The SecureDock application provides mortgage professionals with a secure workflow through the loan process, while also providing strong documentation to support compliance of the TILA-RESPA Integrated Disclosure Rule.