Data protection, data breaches, data loss, account hijacking, unsecured APIs, denial of service, and malicious insiders are at the top of our list of concerns and we prioritize efforts to mitigate those risks. We support corporate compliance every step of the process including our secure system of electronic records management.
We implement security and compliance measures across our entire organization:
DOMA Employee Training
At DOMA, all of our employees go through cybersecurity training to enforce company-wide security and compliance.
- Initial cybersecurity training occurs for all employees during the onboarding process, including:
  - HIPAA
  - PII
  - PHI
  - Cybersecurity Best Practices
  - Password Security
  - Facility Security
- Training is role-based:
  - Developers go through OWASP and other specialized programming security training.
  - IT Administrative Professionals go through additional training to understand best practices for protecting upper-level systems.
- Training is repeated by each employee in 12-month cycles.
We ensure your documents are carefully tracked and your information never falls into the wrong hands.
Here are some of the security steps we take during the Digital Conversion/Document Scanning process to protect your business's records:
- Records are transported in our GPS monitored, speed tracked, and secure DOMA vehicles. These vehicles make no stops from your facility to a Secure DOMA Facility.
- DOMA Facilities are secured at every entry point with access only to authorized personnel.
- We follow the HIPAA Regulations for safeguarding Protected Health Information (PHI) and Personally Identifiable Information (PII).
- Within the DOMA Secure Facility, access to Document Conversion Rooms is restricted, requiring key-card entry. In our Secure Document Conversion Rooms, cell phones and all other forms of recording devices are prohibited, further protecting PII and PHI.
When the conversion is finished there are 3 options for the safe disposal or return of converted documents:
- The destruction of all converted documents on-site, including a Destruction Certificate
- The secure return of all documents to your organization’s facility
- Long-term storage in a protected facility
Our cloud services make engaging with your content easy while adhering to the highest standards of data protection.
All processing takes place within Amazon Web Services’ (AWS) highly secure environment:
- DOMA’s security best practices incorporate AWS’s IT infrastructure. AWS augments our compliance with a variety of IT security standards:
  - SOC1 / SOC2 / SOC3
  - FISMA / FedRAMP / DoD SRG Levels 2 and 4 / FIPS 140-2
  - PCI DSS Level 1
  - ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018
  - ITAR
- AWS is a secure environment that meets HIPAA compliance.
- Being compliant with The Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) allows DOMA to serve DoD customers on the Cloud.
Compliance
HIPAA | FISMA | PCI DSS Level 1 | FIPS 140-2 | ISO 9001:2015 | GDPR | CCPA | SOX | GLBA | AWS Partner | Microsoft Gold Partner | Listed on the CSA STAR Registry
Our software is designed to keep you in full control of how your data is accessed.
Simplify records management and safeguard your records with our Secure Document Management Software.
Our DX Software is designed with your security needs in mind:
- Customize User Access: Effectively implement granular access controls by creating different user access levels and delegating privileges for each level.
- Simplified Auditing: Set up reports/audits to keep track of organization-wide activity, such as:
  - Audit User Actions
  - Track System login/logout
  - Track Document Creation/Editing
  - Track User Creation
- Audit logs cannot be altered, thus offering increased security.
- Our DX Software encrypts data during transmission and at rest.
- The software can be restricted to a white-listed group of IPs if desired.
- The DOMA Development Team continuously monitors our DX Software for security vulnerabilities.
- Our DX Software is hosted in the highly secure AWS Cloud.
List of DOMA Compliance
Increase regulatory compliance, data security, and improve business operations.
DoD SRG Levels 2 & 4
Being compliant with The Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) allows DOMA to serve DoD customers.
HIPAA
DOMA is compliant with HIPAA regulation (Health Insurance Portability and Accountability Act of 1996) protecting private health information records.
FISMA
Compliant with FISMA (Federal Information Security Management Act), a federal law requiring an information security and protection program.
PCI DSS LEVEL 1
Compliant with PCI DSS (Payment Card Industry Data Security Standard), ensuring that credit card information is maintained in a secure environment.
FIPS 140-2
Compliant with FIPS 140-2 (Federal Information Processing Standard), a government-approved cryptographic computer security standard.
ISO/IEC 27001 & 27017
International Organization for Standardization certified for Information Security Management (27001) and Cloud Security Management (27017).
GDPR
DOMA is GDPR (General Data Protection Regulation) compliance ready.
GDPR's parameters for data protection mean people have more control over their personal data and businesses are put on a level playing field.
SOX
Compliant with the Sarbanes-Oxley Act, ensuring that stored information cannot be tampered with (altered) by any employee. All data is encrypted with AES encryption prior to transmission and while it resides within the data center.
GLBA
Compliant with the Gramm-Leach-Bliley Act’s standards for protecting the privacy of a customer’s financial information through data encryption before transmission, during transmission and while at rest, as well as protection of data from physical hazards and from unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
CCPA
Per the California Consumer Privacy Act of 2018 (CCPA), we are the processor of your data and as such are prepared to support you, our customer, in meeting the requirements of the CCPA.
AWS CLOUD
DOMA’s infrastructure is located within Amazon Web Services’ (AWS) highly secure environment. The AWS IT infrastructure provides DOMA with security best practices and a variety of IT security standards, including:
- SOC1 / SOC2 / SOC3
- FISMA / FedRAMP / DoD SRG Levels 2 and 4 / FIPS 140-2
- PCI DSS Level 1
- ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018
- ITAR
Microsoft Gold Partner
DOMA is a Microsoft Gold Partner with a competency in Windows and Devices. The Windows and Devices competency demonstrates a specialization in providing advice and services to help customers best leverage their Windows 10 hardware.
We Value Our Veterans
DOMA is Virginia Values Veterans (V3) Program Certified, has demonstrated to the Commonwealth that it values Veterans, and has made a public commitment to hire Veterans into its workforce.
MEET OUR COMPLIANCE ANALYST
Marti Jones, CISA, is our Compliance Analyst & Privacy Officer.
Learn more about Marti and how she ensures DOMA’s compliance with regulations.
Our most recent Compliance Blog
DOMA Achieves AWS Advanced Consulting Partner Tier Accreditation
DOMA is excited to announce it has recently completed the Amazon Web Services (AWS) Public Sector Partner Transformation Program.