Last Updated: August 2020
Have any questions?
Would you like a copy of our Independent Security Audit?
Call us today
or send us an email at
- AES (Advanced Encryption Standard) 256 bit – Highest Level Available
- Encryption of data at rest, pending distribution and while in transit.
- Extended Validation Certificate SSL (Secure Socket Layer)
- TLS (Transport Layer Security) version 1.2
Login Access Restrictions
- Unique username and strong password requirements
- Secure Federated Access using OAuth 2.0
- reCAPTCHA protects against automated ‘brute force’ attacks (Completely Automated Public Touring Test to tell Computers and Humans Apart)
- Optional Two-Factor login authentication
- Optional IP Address restrictions
Document Package Download Access Restrictions
- Optional access codes for outbound file packages
- Optional SMS Text access codes for outbound file packages
Secure File Transfer
SecureDock’s unique file transfer process leverages Secure “link” Transmission and AES document encryption. Our process removes the typical exposure that occurs when documents are distributed via standard email. Using point-to-point encryption, documents remain encrypted at rest, pending distribution, and through distribution.
SecureDock utilizes a series of email authentication/validation methods designed to ensure the successful delivery of email notifications sent via the SecureDock web application, as well as preventing unauthorized sending of emails from illegitimate parties.
Authentication Methods Include:
- SPF – (Sender Policy Framework)
- DKIM – (DomainKeys Identified Mail)
- DMARC – (Domain-based Message Authentication, Reporting & Conformance)
SecureDock Anti-Virus Scan Utility
SecureDock’s unique Anti-Virus Scan Utility automatically scans documents upon upload. You can rest easy knowing your files are being protected from viruses, malware, and other malicious content.
Server Specific Anti-Virus Protection
Dynamic & Static Code Scanning
SecureDock utilizes built-in scanning tools to analyze web-application performance and identify potential vulnerabilities within the runtime environment.
Security Standards and Compliance
All information entered into the application is encrypted to the highest level available – 256-bit Advanced Encryption Standard (AES). The information is encrypted at upload, stays encrypted as long as it is stored on the application, remains encrypted during transfer and is only decrypted at download. At SecureDock, your information is encrypted at rest, pending distribution, and while in transit.
Usernames and Strong Passwords
Both are required to access the SecureDock Web-Application. Each individual user has sole possession of their own password which can be updated, if desired, from within the users account settings page.
reCAPTCHA – Stopping Unauthorized Entry
In addition to unique username and strong password requirements, users will be required to complete a reCAPTCHA checkbox when logging into the SecureDock Web-Application. CAPTCHA (Complete Automated Public Turing Test) designed to establish that a computer user is human. A human must view and click on the reCAPTCHA checkbox, or, if asked, complete a CAPTCHA image quiz to verify that they are human. This will prohibit any computer/bot generated entry.
Two-Factor Authentication (Optional)
SecureDock offers a second level of security with Two Factor Authentication (2FA). This option is available at the initial login to our applications as well as when sending Outbound document packages.
- The hosting company is a 24/7/365 international facility with global infrastructure.
- The data center provides high availability, low latency, scalability and the latest advancements in cloud infrastructure.
- SecureDock has entered into a full-service contract managing its cloud infrastructure.
SecureDock has incorporated a disaster recovery plan which ensures against natural and manmade disasters. Currently SecureDock reports at 2-hour Recovery Time Objective (RTO) and a 15-minute Recovery Point Objective. Please refer to SecureDock’s Information Technology Disaster Recovery Plan for details.
To stay protected against ever-evolving threats, SecureDock regularly undergoes extensive vulnerability and penetration testing. The company has on file a current Attestation Letter providing evidence of the Independent External Network and Application Layer Vulnerability Assessment and Penetration Test. The testing strictly follows the guidelines set forth in NIST 800-53, ISO 27002 and the Open Web Application Security Project (OWASP). SecureDock has been awarded its best and highest security rating.
- PCI DSS (Payment Card Industry Data Security Standard)
All SecureDock personal and credit card information stored on the system is compliant with the Payment Card Industry Data Security Standard (PCI DSS).
- SSAE 18 – SOC 2 Type ll
All SecureDock hosting facilities and their procedures are in compliance with the SSAE 18 SOC Type 1 and Type 11 guidelines as it pertains to information technology and related security, availability, processing integrity confidentiality and privacy processes. In January of 2021, SecureDock will complete a company-wide internal SOC 2 Type II audit.
- HIPAA (Health Insurance Portability and Accountability)
In order to protect sensitive health information, the SecureDock Web-Application utilizes administrative, physical and technical safeguards, which fall into accordance with the U.S. Department of Health and Human Services.
*Specialized server required for HIPAA Compliance.
- TRID (TILA / RESPA Integrated Disclosure)
The SecureDock application provides mortgage professionals with a secure workflow through the loan process, while also providing strong documentation to support compliance of the TILA-RESPA Integrated Disclosure Rule. Click Here For More Information
- GDPR (General Data Protection Regulation)
SecureDock is compliant with the General Data Protection Regulation ensuring that data processed through our application is not disclosed or sold to third parties.
- CCPA (California Consumer Privacy Act)
SecureDock is compliant with the California Consumer Privacy Act ensuring that data processed through our application is not disclosed or sold to third parties.