News: Docufree Announces Several
Key Industry Re-Certifications
Company Awarded ISO, PCI, HIPAA and SOC2 Certifications
ATLANTA – May 25, 2021 – Docufree, a business process services provider of large-volume document scanning, cloud-based document management and intelligent process automation, today announced it has been awarded several key certifications, demonstrating its long-standing commitment to security and regulatory compliance.
The company has re-certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS), as well as the standards contained in the Security Rule component of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and was also awarded ISO and SOC2 certifications.
“Dependable quality, security, and risk management are paramount, as we are ultimately responsible for all of our clients’ information, whether it be physical documents or electronic information, and from inbound capture, to management, and secure storage,” said David Winkler, executive vice president and chief product officer at Docufree. “Having a consistent, reliable and secure process is something that each of our clients expects and has always received. These certifications are an additional assurance that our clients can depend upon Docufree to be good stewards of the relationships and resources they entrust to us.”
ISO 9001 is an internationally recognized standard that specifies requirements for a quality management system and demonstrates that Docufree has the ability to consistently provide products and services that meet customer and regulatory requirements. Achieving ISO certification means that Docufree’s quality management system, customer service and documentational procedures met or exceeded all requirements according to the British Standards Institution (BSI), an ISO-accredited notified body responsible for assessing compliance and issuing the certification.
Docufree has been awarded the PCI DSS compliance certification, recognized as the global security standard in the payment card industry and one of the most stringent and comprehensive payment security certification standards in the world. To obtain PCI DSS certification, a company must undergo a comprehensive and rigorous review from an independent assessment organization authorized by the PCI SSC.
Docufree’s re-certification of HIPAA was awarded after successful completion of a security assessment by a third-party security firm. The HIPAA security assessment involved a comprehensive review of policies and procedures, network and data flow diagrams; physical and environmental security; disaster recovery backup processes; vulnerability management; penetration testing, system hardening standards, and other pertinent areas. The third-party firm also assessed patch management; access control; data storage, logging, auditing; security monitoring; and incident response.
Docufree’s SOC 2 certification was issued by outside auditors who assessed the extent to which the document solutions provider complies with one or more of five trust principles based on systems and processes in place at the company. These trust principles include security (protection of system resources against unauthorized access), availability (accessibility of systems, products, or services as stipulated by contract or service level agreement), and processing integrity (offering complete, valid, accurate, timely, and authorized data processing). Two additional trust principles encompass preservation of data confidentiality (via encryption, network and application firewalls, and rigorous access controls) and privacy (the collection, use, retention, disclosure, and disposal of customers’ personal information in conformity with individual organizations’ privacy notice, as well as with criteria outlined in the AICPA’s generally accepted privacy principles.
“We prioritize making sure our security credentials and industry certifications are in compliance with the most strict data security standards in the industry and meet other top industry standards,” added Winkler. “We are committed to safeguarding both privacy and integrity of our customers’ data and their reputations.”
Docufree is a business process services provider of large-volume document scanning, cloud-based document management, and intelligent process automation. Since 1999, Docufree has securely managed and modernized how people and the systems they use every day interact with data and each other, driving measurable outcomes for both clients and their customers—from providing an on-ramp to digital transformation to automated invoice processing, human resources, and customer communications. Today, over 1,000 enterprise organizations and government agencies rely on Docufree to empower their workforce with the information they need and ensure processes are executed with speed, accuracy, and compliance from wherever work needs to happen. For more information, visit www.docufree.com. Follow us on LinkedIn and Twitter @Docufree then like us on Facebook.
Docufree Corporate Communications