Security Features
Last Updated: July 2024
Encryption Methods
- AES (Advanced Encryption Standard) 256-bit – Highest Level Available
- Encryption of data at rest, pending distribution, and while in transit
- Extended Validation Certificate SSL (Secure Sockets Layer)
- TLS (Transport Layer Security) version 1.2
Login Security Features and Options
- Unique usernames and strong passwords
- Secure Federated Access using OAuth 2.0
- reCAPTCHA protects against automated ‘brute force’ attacks (CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart)
- Two-Factor Login Authentication via SMS text or Authenticator App
- IP Address restrictions
- Single Sign-On (SSO) via Microsoft Azure Active Directory and Okta
Document Package Download Access Restrictions
- Increase document security with access codes for outbound file packages.
- Optional SMS Text access codes for outbound file packages.
Secure File Transfer
SecureDock’s unique file transfer process leverages Secure “link” Transmission and AES document encryption. Our process removes the typical exposure that occurs when documents are distributed via standard email. Using point-to-point encryption, documents remain encrypted at rest, pending distribution, and through distribution.
Email Authentication
SecureDock utilizes a series of email authentication/validation methods designed to ensure the successful delivery of email notifications sent via the SecureDock web application and to prevent illegitimate parties from sending unauthorized emails.
Authentication Methods Include:
- SPF – (Sender Policy Framework)
- DKIM – (DomainKeys Identified Mail)
- DMARC – (Domain-based Message Authentication, Reporting & Conformance)
SecureDock Anti-Virus Scan Utility
SecureDock’s unique Anti-Virus Scan Utility automatically scans documents upon upload. You can rest easy knowing your files are being protected from known viruses and malware.
Server Specific Anti-Virus Protection
SecureDock leverages advanced anti-malware, anti-ransomware, and HIPS (Host-based Intrusion Prevention System), providing easy, centralized management of the security of all virtual servers.
Dynamic and Static Code Scanning
SecureDock utilizes built-in scanning tools to analyze web application performance and identify potential vulnerabilities within the runtime environment.
Web Application Firewall
SecureDock’s Application Gateway and Firewall screens and blocks traffic from suspicious or restricted users and protects against common web-hacking techniques.
Security Standards and Compliance
Protection of information held in SecureDock is of utmost importance. The information stored is not only important but personal and private. We are in the business of data security. All file transfers between you and your recipients are treated confidentially. For more information on how we manage your data, please read our Privacy Policy.
Encryption
All information entered into the application is encrypted to the highest level available – 256-bit Advanced Encryption Standard (AES). The information is encrypted at upload, stays encrypted as long as it is stored on the application, remains encrypted during transfer, and is only decrypted at download. At SecureDock, your information is encrypted at rest, pending distribution, and while in transit.
Usernames and Strong Passwords
Both are required to access the SecureDock Web-Application. Each user has sole possession of their password, which can be updated, if desired, from within the user’s account settings page.
reCAPTCHA – Stopping Unauthorized Entry
In addition to a unique username and strong password requirements, users will be required to complete a reCAPTCHA checkbox when logging into the SecureDock Web-Application. CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is designed to establish that a computer user is human. A human must view and click on the reCAPTCHA checkbox, or, if asked, complete a CAPTCHA image quiz to verify that they are human. This will prohibit any computer/bot-generated entry.
Two-Factor Authentication (Optional)
SecureDock offers optional or required Two-Factor Authentication (2FA) via SMS text or Authenticator App. 2FA can be configured at the company level and can be applied to individual user logins or outbound file transfers.
Hosting Facilities
The SecureDock application and stored data are hosted at a top-ranked international hosting facility.
- The hosting company is a 24/7/365 international facility with a global infrastructure.
- The data center provides high availability, low latency, scalability, and the latest advancements in cloud infrastructure.
- SecureDock has entered into a full-service contract managing its cloud infrastructure.
Disaster Recovery
SecureDock has incorporated a disaster recovery plan which protects against natural and manmade disasters. Currently, SecureDock reports a 2-hour Recovery Time Objective (RTO) and a 15-minute Recovery Point Objective (RPO). Please refer to SecureDock’s Information Technology Disaster Recovery Plan for details.
Vulnerability Studies and Penetration Testing
To stay protected against ever-evolving threats, SecureDock regularly undergoes extensive vulnerability and penetration testing. The company has on file a current Attestation Letter providing evidence of the Independent External Network and Application Layer Vulnerability Assessment and Penetration Test. The testing strictly follows the guidelines outlined in NIST 800-53, ISO 27002, and the Open Web Application Security Project (OWASP). SecureDock has been awarded its best and highest security rating.
Industry Compliance
- PCI DSS (Payment Card Industry Data Security Standard)
All SecureDock personal and credit card information stored on the system is compliant with the Payment Card Industry Data Security Standard (PCI DSS).
- SSAE 18 – SOC 2 Type II
All SecureDock hosting facilities and their procedures comply with the SSAE 18 SOC Type I and Type II guidelines as they pertain to information technology and related security, availability, processing integrity, confidentiality, and privacy processes. In January of 2021, SecureDock completed a company-wide internal SOC 2 Type II audit.
- HIPAA (Health Insurance Portability and Accountability Act)
To protect sensitive health information, the SecureDock Web-Application utilizes administrative, physical, and technical safeguards in accordance with the U.S. Department of Health and Human Services.
*Custom account configuration required.
- TRID (TILA / RESPA Integrated Disclosure)
The SecureDock application provides mortgage professionals with a secure workflow through the loan process, while also providing strong documentation to support compliance with the TILA-RESPA Integrated Disclosure Rule.
- GDPR (General Data Protection Regulation)
SecureDock is compliant with the General Data Protection Regulation, ensuring that data processed through our application is not disclosed or sold to third parties.
- CCPA (California Consumer Privacy Act)
SecureDock is compliant with the California Consumer Privacy Act, ensuring that data processed through our application is not disclosed or sold to third parties.