FinDox is SOC 2 Type II compliant and completes annual third party audits. FinDox has a private cloud that is managed by a service provider that is ISO 27001, SOC 1, SOC 2, and PCI certified.
Security is at the Foundation of FinDox
All data stored on FinDox is encrypted at rest and in transit, with end-to-end encryption. In addition, all access grant and permission changes made on FinDox, along with document downloads, are recorded and retained for 7+ years for audit log purposes.
Security and Compliance Standards
SOC 2 Type II certified
All data encrypted in transit and at rest
High availability and geographically distributed data centers
Regular security audits and staff training
FinDox Security and Compliance at a Glance
FinDox’s private cloud has been configured to meet SOC 2 & PCI security standards including encryption at rest, encryption in transit, web application firewall, firewalls, separate VLANs, anti-virus and anti-malware, IDS/IPS, FIM, etc. Staff undergo security awareness training, background checks, and must sign security policies.
FinDox’s private cloud is managed by a third party service provider that is ISO 27001, SOC 2, SOC 1, and PCI compliant. FinDox has completed a third party SOC 2 Type II audit and uses an Automated Security & Compliance Platform. FinDox undergoes annual application pen tests and external network pen tests along with quarterly external PCI security scans and monthly internal vulnerability scans and patching.
FinDox’s private cloud has a primary data center in Virginia and a warm secondary data center in Texas. Real-time replication has been implemented between the primary and secondary data centers with a 15 min RTO/RPO, along with nightly full backups to secure offline storage. DR tests from backup are performed quarterly and failover tests are performed semi-annually. Data centers achieve high availability through load balancing and redundancy.
Data is classified based on whether it contains MNPI and protected using encryption and FinDox’s robust access grant system. Audit logs are generated to track access grant changes and user document downloads.
Our Commitment to Security
At FinDox, security goes beyond technology. Staff undergo security awareness training, background checks, and must sign security policies upon hiring as well as annually. FinDox’s CISO is a Certified Information Systems Security Professional (CISSP).