Security & compliance

At Scan123, we take your security seriously

The following information outlines the system and security parameters Scan123 has deployed to ensure a secure, redundant system with high availability. This system is designed and managed to give authorized users of Scan123 24/7 access to the data and files stored within. The access methods for storage and retrieval were designed to give customers a variety of security controls and flexibility needed to safely replace past paper storage practices.

AES Encryption

Scan123 fully implements security procedures widely accepted in the banking industry and the Federal Government, so you can rest assured that your data is safe and secure. 128-bit AES encryption is certified by the NSA for information classified up to the SECRET level, while TOP SECRET information requires the use of 256-bit AES encryption. Because we value the privacy of your data, we use the more secure 256-bit encryption throughout all phases of data storage, retrieval and backup.

SSL Encryption

HTTPS refers to the combination of a normal HTTP web connection with an encrypted Secure Sockets Layer (SSL) connection, to ensure protection from eavesdroppers and hacker attacks. If an eavesdropper were to intercept the encrypted data, the data would be unreadable and thus unusable to them.

Storage and Retrieval

We are often asked if Scan123 is compliant with the regulations discussed under Compliance and Regulation below, and we want our customers to understand that Scan123 provides fully encrypted access to your data. Because your data is encrypted during transmission, in storage, and in offsite backups, Scan123 gives your company the opportunity to operate in a fully compliant manner when implemented properly. Remember, there is no official “certification” process for products that assist your business in compliance with the myriad of privacy and security legislation that is part of today's business.

Compliance and Regulation

Scan123 assists your company in complying with Federal and State regulations such as HIPAA, Sarbanes-Oxley, GLB, etc. Sarbanes-Oxley applies to all public companies and accounting firms. HIPAA applies to health care insurance and health care providers. However, HIPAA policy also applies to the health-related employee information stored by any public company. The applicable stored information may vary from customers' private credit or health information to corporate financial statements. There is no single technology or solution that implements compliance. For each regulation, you need to undertake a security and privacy review of your business's unique environment against the specific regulations.

Internally

We follow the "Principle of Least Privilege," so a limited group of trusted personnel have access only to the information and resources that are necessary to do their job. For example, they may access, test, and run data backups or, with your permission, be granted access to your Company Account to provide troubleshooting or assistance.

If you feel that this site is not following its stated information policy, please let us know.

GLBA & Document Management

Are you compliant with the GLBA? Failure to comply could cost your business thousands of dollars in fines...

The following information is provided by Scan123 to assist businesses. It should not be construed as legal advice.

What is the Gramm-Leach-Bliley Act?

Broadly speaking, the Gramm-Leach-Bliley Financial Services Modernization Act of 1974 (GLBA or GLB) restricts with whom businesses can share customer information and mandates that businesses take steps to safeguard customer information and inform customers of how their information will be used.

Who does the GLBA affect?

The GLBA applies to financial institutions, but that includes more than just banks and credit unions. As defined, financial institutions are entities significantly involved in financial activities, including auto dealers, loan brokers, tax preparers, insurance companies and many others.

What role does document management play in GLBA compliance?

The GLBA required certain government agencies, including the Federal Trade Commission (FTC), to establish appropriate standards for the financial institutions they oversee to protect the nonpublic personal information of their customers. To comply with this, the FTC added the Safeguards Rule: Standards for Safeguarding Customer Information, which went into effect in 2003. The rule requires that financial institutions create and implement a written information security program that explains how a business ensures the security and confidentiality of customer information, specifically by protecting against unauthorized access to customer information and against foreseeable threats or hazards to customer information. GLBA violations can result in fines of up to $100,000 and/or up to 5 years in prison.

Here's where an electronic document management system (EDMS) like Scan123 can help your business comply with this federal rule. An EDMS protects your customers' information (as well as your own data) more completely than a file cabinet - even a locked cabinet - ever can. Paper documents are vulnerable to human misuse by an employee or intruder as well as natural hazards like fire and flood.

On the other hand, once your paper documents have been scanned into an EDMS, they are protected against unauthorized access. With Scan123, you can grant access only to specific employees who need to use that information. This limits your exposure to identity theft by employees and just plain snooping. Furthermore, in every stage of transfer and access your data is secured against hacking with 256-bit AES encryption, which is authorized by the federal government to protect Top Secret-level classified information.

Your customers' information is also protected against natural disasters by several safeguards. Scan123 keeps multiple backups of all your data in multiple locations, so that if one copy is ever damaged, the system can roll back to another copy. In case of fire, our data facility has a state-of-the-art dry fire suppression system. Even during a power outage, your information is safe and accessible to you. Our data facility has 21 days of battery power, backup diesel generators, and guaranteed refueling contracts.

Protecting your customers' information isn't just required by law, it's also good business. Make sure an electronic document management system like Scan123 is a part of your federally mandated plan to protect your customers' information.

What else do I need to do to comply with the GLBA?

Other sections of the GLBA may require that you give your customers privacy notices explaining what information you are collecting and how it will be used and give opt-out notices before sharing customer information with nonaffiliated third parties. For more information, check out the links for further reading below.

Sources

Safeguards Rule - Federal Trade Commission
Gramm-Leach-Bliley Act

Further Reading

Financial Institutions and Customer Information: Complying with the Safeguards Rule
How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act
The FTC's Privacy Rule and Auto Dealers: FAQs