Security is at the Foundation of FinDox

FinDox is SOC 2 Type II compliant and completes annual third party audits. FinDox has a private cloud that is managed by a service provider that is ISO 27001, SOC 1, SOC 2, and PCI certified.

All data stored on FinDox is encrypted in transit with end to end encryption and at rest. In addition, all access grant and permission changes made on FinDox along with document downloads are stored and retained for 7+ years for audit log purposes.

Request Demo

Security and Compliance Standards

SOC 2 Type II certified

All data encrypted in transit and at rest

High availability and geographically distributed data centers

Regular security audits and staff training

FinDox Security and Compliance at a Glance


FinDox’s private cloud has been configured to meet SOC 2 & PCI security standards including encryption at rest, encryption in transit, web application firewall, firewalls, separate VLANs, anti-virus and anti-malware, IDS/IPS, FIM, etc. Staff undergo security awareness training, background checks, and must sign security policies.


FinDox’s private cloud is managed by a third party service provider that is ISO 27001, SOC 2, SOC 1, and PCI compliant. FinDox has completed a third party SOC 2 Type II audit and uses an Automated Security & Compliance Platform. FinDox undergoes annual application pen tests and external network pen tests along with quarterly external PCI security scans and monthly internal vulnerability scans and patching.


FinDox’s private cloud has a primary data center in Virginia and a warm secondary data center in Texas. Real-time replication has been implemented between the primary and secondary data centers with a 15 min RTO/RPO along with nightly full backups to secure offline storage. DR Tests from backup are performed quarterly and failover tests are performed semi-annually. Data centers meet high availability with load balancing and redundancy.


Data is classified based on whether it contains MNPI and protected using encryption and FinDox’s robust access grant system. Audit logs are generated to track access grant changes and user document downloads. 

Our Commitment to Security

At FinDox, security goes beyond technology. Staff undergo security awareness training, background checks, and must sign security policies upon hiring as well as annually. FinDox’s CISO is a Certified Information System Security Professional (CISSP). 

Reach Out to Learn More

Reach out to FinDox’s Chief Information Security Officer with questions and for more information about how FinDox can meet your organizations security requirements.

Contact Us