Securing Your Data & Documents

• Our Best Value Yet!
• Scanning Services & Software
• Electronic Document Management
• Enterprise Content Management
• Behavioral Healthcare Solutions
• Payroll Solutions
• Data Archiving & Collaboration
• Transactional Data-Print & Distribution
• Securing Your Data & Documents

D2Xchange collects, stores and distributes a wide range of sensitive data. To safeguard your information, we use a combination of physical and technology-based security measures and security-oriented processes.  Examples include: 

• Passkey and alarm-protected offices
• Highly controlled computer facilities for routers, switches, servers, and firewalls with limited employee access
• SSLs around all applications, including 128-bit encryption to ensure the security of transported data
• Network security log maintenance and monitoring
• External audits and internal IT system reviews
• Customer-administered user names and passwords and other industry recognized best practices

In addition we have partnered with a Level 1 DOD hosting facility for collocation, back-up and redundant T-1s and ISPs, allowing individual clients to leverage this facility as needed. 

To assure that we have the right policies and procedures in place to properly handle this confidential information, D2Xchange has successfully completed consecutive SAS 70 Type II audits, the first in November 2008 and the second in November 2009. A SAS 70 audit validates that a service organization has completed an in-depth audit of their control activities, which include controls over information technology processes. The examination is designed to demonstrate that a service organization has adequate controls and safeguards related to hosting and processing customer data. 

Auditors examined both the written policies and procedures and the day-to-day control activities D2Xchange has in place related these seven areas: 

1. Organizational controls 
2. Operational controls
3. Physical security controls
4. Environmental protection controls
5. Logical security controls
6. Disaster recovery and business continuity controls
7. Telecommunications and network controls   

The opinion letters issued by our auditors were unqualified.  In other words, D2Xchange was deemed to have suitable written controls in place to meet control objectives for each of the areas listed above.  The auditors also concluded that controls were operating with sufficient effectiveness to provide reasonable assurance that the control objectives were achieved.