Information security is of paramount importance to Docmosis. We respect the right to privacy of our customers and trial-users and deal with their information accordingly. We continue to develop our security systems, policies and procedures to meet industry best practice.
Privacy and Security of Data
The data Docmosis processes falls into the following categories:
1. Identifying data about your Docmosis Cloud account (name, email, ip address etc)
2. Document Templates and Image Data – uploaded to our cloud service
3. Data sent by users to our Cloud Service API and the resulting output documents
The third category of data is also subject to our geographic and retention restrictions driven very specific instructions to our Cloud Services API. These extra restrictions greatly reduce the risk of data exposure.
On request, user data will be permanently deleted. Should a security incident occur such as a security breach or unauthorized access to user data, Docmosis is committed to informing all customers.
Docmosis policies and procedures are designed to provide industry best-practice for the security of our services.
The Docmosis Cloud Services run entirely within the Amazon Web Services (AWS) infrastructure. This provides comprehensive physical security as well as facilities supporting our non-physical security requirements. Details on the AWS security fundamentals can be found here.
Specific security features of the Docmosis Cloud Services include:
- "Short memory" Data Retention policy - data and the rendered documents are delivered and “forgotten”.
- Geographically-Bound Data Processing – Processing of sensitive data and documents is geographically bound within the USA or the EU. Users can select either or both regions for processing as required.
- Transport Encryption - all communication with the Docmosis Cloud is Thawte-SSL encrypted
- At Rest Encryption - Templates and other uploaded content and are encrypted at rest
- Access Controls – users authenticate with self-managed passwords and rotatable access keys
- Auditing Subsystem – user actions are audited providing the basis for investigation of incident management
- Infrastructure Access – access to infrastructure services is controlled by two factor authentication 2FA
- Email Security - email is dispatched using Transport Layer Security (SMTP TLS)
Docmosis policies and procedures are designed to provide industry best-practice for the reliability of our services.
The Docmosis Cloud Services have multiple features for reliability including:
- High Availability Architecture - Load balanced, high-performance, redundant, geographically distributed and monitored 24/7
- Strong Software Design - The service is engineered to survive multiple points of failure to remain as operational as possible, even in the event of core systems failures
- Backed up - Multiple independent backup systems in place providing case-specific recovery options
- Version Controlled – uploaded resources are version controlled so can be reverted and restored on an as-needs basis
- Monitored – multiple external systems are monitoring the Docmosis service end points. Key end points are monitored with deep-tests which create documents and check the results. The public information regarding current status can be found here and historical information here
- Controlled Updates – minor fixes are performed frequently on the service. Where larger changes are to be released, this is provided as a test-and-upgrade process allowing the customer to schedule their migration as suitable
- Service Level Agreement (SLA) - provides a 99.9% uptime for the core document-production service
Docmosis implements ongoing, relevant and up-to-date security training with all of our employees.
Access to all data is limited only to that necessary to execute the assigned roles. All of our staff members are required to read and sign our security and confidentiality policies and procedures, which explain the importance and sensitivity of customer data.
Standards and Compliance
Standards and compliances relevant to the security of our Cloud Services can be found on our Compliance page.