Consistent, reliable commitment to ECM security and compliance are critical to earning our clients’ trust. We make it our priority to stay abreast of and comply with all legislative changes and new regulations, utilize evolving technologies, and invest in tools to better protect our clients’ physical and digital information.
Our Chief Information Security Officer’s role is to provide vision and leadership for developing and supporting ECM security initiatives and to direct the planning and implementation of our enterprise IT system, business operation, and facility defenses against security incidents and vulnerability issues. Our Privacy Officer collaborates with other departments (e.g., legal counsel, human resources, accounting, IT, imaging services, off-site records storage) to ensure compliance with specific privacy requirements, to develop corporate privacy policies and procedures, and to implement a corporate-wide training program to include cyber security awareness and training.
Relevant laws, regulations and business rules are followed at all times. Our policies are consistent and complete with respect to the law in order to best protect our clients’ data and mitigate risks.
Some requirements are industry-specific. Financial services, for instance, includes protecting non-public information (NPI) and personally identifiable information (PII). These requirements are regulated by the Gramm-Leach-Bliley Data Protection Act of 1999, the Identity Theft and Assumption Deterrence Act of 1998, the Sarbanes-Oxley Act of 2002, Payment Card Industry (PCI) Security Standards, and others.
As a leader in records management services, FileSolve is committed to complying fully with the rules and regulations concerning the privacy and security of Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and related regulations (collectively, “HIPAA law”).
Our ECM compliance practices apply to all records – both hard copy and electronic. We implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI and ePHI that we create, receive, maintain, or transmit on behalf of our clients as required by HIPAA law. That includes limiting the use and disclosure of PHI to the minimum extent necessary to meet our contractual obligations or requirements of the law. We require our business partners and subcontractors working on our behalf to agree to the same restrictions (by executing Business Associates Agreements to all subcontractors).
Underscoring our commitment to ECM compliance, we have successfully completed SSAE 16/SOC 1 Type II and SOC 2 Type II audits for two years.
Realizing the high level of confidentiality involved with client information, security and strict confidentiality are primary concerns at FileSolve. Security begins with employee selection, including extensive pre-employment background checks and substance testing. New-hire orientation includes extensive training and executing confidentiality agreements.
FileSolve’s headquarters is located in a 45,000-square foot, stand-alone, single-tenant, fenced and gated office building and adjoining warehouse that is owned by and shared with Patterson Pope, our parent company. Situated on 10 acres in Charlotte, NC, our modern, class “A” facility is equipped with a Sonitrol 24-hour monitored security system, which includes motion detectors, cameras and audio surveillance throughout. A gate code is required for access to the property. We also have a 74,000-square foot gated facility in Salem, VA that is monitored around the clock by an ADT security system. All exterior and interior doors at these facilities are secured with magnetic locks, so entry is allowed only via an individually assigned key fob. Visitor access is authorized, documented and supervised. Both facilities are inspected annually by our insurance carrier and local fire officials; they have successfully passed each inspection/review process for the past five years. Every measure is taken to provide this physical security assurance to our clients.
Simply stated, information security is protecting information in all forms – traditional paper, film or digital – from unauthorized access, use or destruction. Threats can be human, natural or technical, so ECM security is 24/7. It is a responsibility we take very seriously.