Security Features

Last Updated: April 2020


Have any questions?

Would you like a copy of our Independent Security Audit?

Call us today

(949) 387-5400

or send us an email at



  • AES (Advanced Encryption Standard) 256 bit – Highest Level Available
  • Encryption of data at rest, pending distribution and while in transit.
  • Extended Validation Certificate SSL (Secure Socket Layer)
  • TLS (Transport Layer Security) version 1.2 

Access Restrictions

  • Unique username
  • Two-Factor login authentication
  • Strong password requirements (character and case sensitive)
  • reCAPTCHA protects against automated ‘brute force’ attacks (Completely Automated Public Touring Test to tell Computers and Humans Apart)

Secure File Transfer

SecureDock’s unique file transfer process leverages Secure “link” Transmission and AES document encryption. Our process removes the typical exposure that occurs when documents are distributed via standard email. Using point-to-point encryption, documents remain encrypted at rest, pending distribution, and through distribution.

Email Authentication

SecureDock utilizes a series of email authentication/validation methods designed to ensure the successful delivery of email notifications sent via the SecureDock web application, as well as preventing unauthorized sending of emails from illegitimate parties.

Authentication Methods Include:

  • SPF – (Sender Policy Framework)
  • DKIM – (DomainKeys Identified Mail)
  • DMARC – (Domain-based Message Authentication, Reporting & Conformance)

SecureDock Anti-Virus Scan Utility

SecureDock’s unique Anti-Virus Scan Utility automatically scans documents upon upload. You can rest easy knowing your files are being protected from viruses, malware, and other malicious content.

Server Specific Anti-Virus Protection

SecureDock leverages advanced anti-malware, anti-ransomware, and HIPS (Host-based Intrusion Prevention System) providing easy, centralized management of the security of all virtual servers.


Security Standards and Compliance


Protection of information held in SecureDock is of utmost importance. The information stored is not only important but personal and private. We are in the business of data security. All file transfers between you and your recipients are treated confidentially. For more information on how we manage your data, please read our Privacy Policy.


All information entered into the application is encrypted to the highest level available – 256-bit Advanced Encryption Standard (AES). The information is encrypted at upload, stays encrypted as long as it is stored on the application, and is only decrypted at download. At SecureDock, your information is encrypted at rest, pending distribution, and while in transit.

Usernames and Strong Passwords

Both are required to access the SecureDock Web-Application. Each individual user has sole possession of their own password which can be updated, if desired, from within the users account settings.

reCAPTCHA – Stopping Unauthorized Entry

In addition to unique username and strong password requirements, users will be required to complete a reCAPTCHA checkbox when logging into the SecureDock Web-Application. CAPTCHA (Complete Automated Public Turing Test) designed to establish that a computer user is human. A human must view and click on the reCAPTCHA checkbox, or, if asked, complete a CAPTCHA image quiz to verify that they are human. This will prohibit any computer/bot generated entry.

Hosting Facilities

The SecureDock application and stored data are hosted at a top-ranked hosting facility.

  • The hosting company is a 24/7/365 international facility with global infrastructure.
  • The facility itself incorporates the highest level of security; only company certified data center specialists are allowed onto the server/production floor.
  • Internet Carriers: The hosting facility provides eight (8) ISP tier 1 providers with redundancy between providers.
  • SecureDock has entered into a full-service contract incorporating private, dedicated servers for our application. This is a significant difference from most cloud data storage systems.
  • SecureDock has incorporated a disaster recovery plan which ensures against any and all natural disasters.

Penetration Testing

To stay protected against ever-evolving threats, SecureDock regularly undergoes extensive vulnerability and penetration testing and has on file a current External Network Security Vulnerability Assessment and Web Application Security (ENSVA-WAS) report. Through the ENSVA-WAS process, SecureDock has been awarded its best and highest security rating.

Industry Compliance

  • PCI DSS (Payment Card Industry Data Security Standard)
    All SecureDock personal and credit card information stored on the system is compliant with the Payment Card Industry Data Security Standard (PCI DSS).
  • SSAE / SAS70 (Statement on Standards for Attestation Engagements)
    All SecureDock hosting facilities procedures are in compliance with the SSAE Type 1 and Type 11 guidelines as it pertains to information technology and related processes.
  • HIPAA (Health Insurance Portability and Accountability)
    In order to protect sensitive health information, the SecureDock Web-Application utilizes administrative, physical and technical safeguards, which fall into accordance with the U.S. Department of Health and Human Services.
    *Specialized server required for HIPAA Compliance
  • TRID (TILA / RESPA Integrated Disclosure)
    The SecureDock application provides mortgage professionals with a secure workflow through the loan process, while also providing strong documentation to support compliance of the TILA-RESPA Integrated Disclosure Rule.
     Click Here For More Information
  • GDPR (General Data Protection Regulation)
    SecureDock is compliant with the General Data Protection Regulation ensuring that data processed through our application is not disclosed or sold to third parties.
  • CCPA (California Consumer Privacy Act)
    SecureDock is compliant with the California Consumer Privacy Act ensuring that data processed through our application is not disclosed or sold to third parties.

Privacy Policy