Give us a call today (949) 387-5400

Security Features

Last Updated: March 2023

Have any questions?

Would you like a copy of our Independent Security Audit?

Call us today

(949) 387-5400

or send us an email at

info@Secure-Dock.com

Encryption Methods

  • AES (Advanced Encryption Standard) 256 bit – Highest Level Available
  • Encryption of data at rest, pending distribution, and while in transit
  • Extended Validation Certificate SSL (Secure Socket Layer)
  • TLS (Transport Layer Security) version 1.2

Login Security Features and Options

  • Unique usernames and strong passwords
  • Secure Federated Access using OAuth 2.0
  • reCAPTCHA protects against automated ‘brute force’ attacks (Completely Automated Public Touring Test to tell Computers and Humans Apart)
  • Two-Factor Login Authentication via SMS text or Authenticator App
  • IP Address restrictions
  • Single Sign-On (SSO) via Microsoft Azure Active Directory and OKTA

Document Package Download Access Restrictions

  • Increase document security with access codes for outbound file packages.
  • Optional SMS Text access codes for outbound file packages.

Secure File Transfer

SecureDock’s unique file transfer process leverages Secure “link” Transmission and AES document encryption. Our process removes the typical exposure that occurs when documents are distributed via standard email. Using point-to-point encryption, documents remain encrypted at rest, pending distribution, and through distribution.

Email Authentication

SecureDock utilizes a series of email authentication/validation methods designed to ensure the successful delivery of email notifications sent via the SecureDock web application, as well as preventing unauthorized sending of emails from illegitimate parties.

Authentication Methods Include:

  • SPF – (Sender Policy Framework)
  • DKIM – (DomainKeys Identified Mail)
  • DMARC – (Domain-based Message Authentication, Reporting & Conformance)

SecureDock Anti-Virus Scan Utility

SecureDock’s unique Anti-Virus Scan Utility automatically scans documents upon upload. You can rest easy knowing your files are being protected from known viruses and malware.

Server Specific Anti-Virus Protection

SecureDock leverages advanced anti-malware, anti-ransomware, and HIPS (Host-based Intrusion Prevention System) providing easy, centralized management of the security of all virtual servers.

Dynamic and Static Code Scanning

SecureDock utilizes built-in scanning tools to analyze web application performance and identify potential vulnerabilities within the runtime environment.

Web Application Firewall

SecureDock’s Application Gateway and Firewall screens and blocks traffic from suspicious or restricted users, as well as protects against common web-hacking techniques.

 

 

Security Standards and Compliance

 

Protection of information held in SecureDock is of utmost importance. The information stored is not only important but personal and private. We are in the business of data security. All file transfers between you and your recipients are treated confidentially. For more information on how we manage your data, please read our Privacy Policy.

Encryption

All information entered into the application is encrypted to the highest level available – 256-bit Advanced Encryption Standard (AES). The information is encrypted at upload, stays encrypted as long as it is stored on the application, remains encrypted during transfer, and is only decrypted at download. At SecureDock, your information is encrypted at rest, pending distribution, and while in transit.

Usernames and Strong Passwords

Both are required to access the SecureDock Web-Application. Each user has sole possession of their password which can be updated, if desired, from within the user’s account settings page.

reCAPTCHA – Stopping Unauthorized Entry

In addition to a unique username and strong password requirements, users will be required to complete a reCAPTCHA checkbox when logging into the SecureDock Web-Application. CAPTCHA (Complete Automated Public Turing Test) is designed to establish that a computer user is human. A human must view and click on the reCAPTCHA checkbox, or, if asked, complete a CAPTCHA image quiz to verify that they are human. This will prohibit any computer/bot-generated entry.

Two-Factor Authentication (Optional)

SecureDock offers optional or required Two Factor Authentication (2FA) via SMS text or Authenticator App. 2FA can be configured at the company-level and can be applied for individual user logins or outbound file transfers. 

Hosting Facilities

The SecureDock application and stored data are hosted at a top-ranked international hosting facility.

  • The hosting company is a 24/7/365 international facility with a global infrastructure.
  • The data center provides high availability, low latency, scalability, and the latest advancements in cloud infrastructure.
  • SecureDock has entered into a full-service contract managing its cloud infrastructure.

Disaster Recovery

SecureDock has incorporated a disaster recovery plan which ensures against natural and manmade disasters. Currently SecureDock reports at 2-hour Recovery Time Objective (RTO) and a 15-minute Recovery Point Objective. Please refer to SecureDock’s Information Technology Disaster Recovery Plan for details.

Vulnerability Studies and Penetration Testing

To stay protected against ever-evolving threats, SecureDock regularly undergoes extensive vulnerability and penetration testing. The company has on file a current Attestation Letter providing evidence of the Independent External Network and Application Layer Vulnerability Assessment and Penetration Test. The testing strictly follows the guidelines outlined in NIST 800-53, ISO 27002, and the Open Web Application Security Project (OWASP). SecureDock has been awarded its best and highest security rating.

Industry Compliance

  • PCI DSS (Payment Card Industry Data Security Standard)
    All SecureDock personal and credit card information stored on the system is compliant with the Payment Card Industry Data Security Standard (PCI DSS).
  • SSAE 18 – SOC 2 Type ll
    All SecureDock hosting facilities and their procedures comply with the SSAE 18 SOC Type 1 and Type 11 guidelines as it pertains to information technology and related security, availability, processing integrity confidentiality, and privacy processes. In January of 2021, SecureDock has completed a company-wide internal SOC 2 Type II audit. CLICK HERE for more information
  • HIPAA (Health Insurance Portability and Accountability)
    To protect sensitive health information, the SecureDock Web-Application utilizes administrative, physical, and technical safeguards, which fall into accordance with the U.S. Department of Health and Human Services.
    *Specialized server required for HIPAA Compliance.
  • TRID (TILA / RESPA Integrated Disclosure)
    The SecureDock application provides mortgage professionals with a secure workflow through the loan process, while also providing strong documentation to support compliance with the TILA-RESPA Integrated Disclosure Rule.     CLICK HERE for more information
  • GDPR (General Data Protection Regulation)
    SecureDock is compliant with the General Data Protection Regulation ensuring that data processed through our application is not disclosed or sold to third parties.
  • CCPA (California Consumer Privacy Act)
    SecureDock is compliant with the California Consumer Privacy Act ensuring that data processed through our application is not disclosed or sold to third parties.

View our Privacy Policy