Leading the Way in Security & Corporate Compliance

Data protection, data breaches, data loss, account hijacking, unsecured APIs, denial of service, and malicious insiders are at the top of our list of concerns, and we prioritize efforts to mitigate those risks. We support corporate compliance at every step of the process, including through our secure system of electronic records management.

List of DOMA Compliance

DoD SRG levels 2&4

Being compliant with the Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) allows DOMA to serve DoD customers.

AWS Partner Advanced Tier Services

AWS

DOMA’s infrastructure is located within Amazon Web Services’ (AWS) highly secure environment. Amazon Web Services provides an additional layer of security to everything DOMA has already achieved.

PCI DSS Level 1

Compliant with PCI DSS (Payment Card Industry Data Security Standard), ensuring that credit card information is maintained in a secure environment.

GLBA

Compliant with the Gramm-Leach-Bliley Act’s standards for protecting the privacy of a customer’s financial information through data encryption before transmission, during transmission, and while at rest, as well as protection of data from physical hazards and from unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

SOX

Compliant with the Sarbanes-Oxley Act, ensuring that stored information cannot be tampered with (altered) by any employee. All data is encrypted with AES encryption prior to transmission and while it resides within the data center.

CCPA

Per the California Consumer Privacy Act of 2018 (CCPA), we are the processor of your data and as such are prepared to support you, our customer, in meeting the requirements of the CCPA.

GDPR

DOMA is GDPR (General Data Protection Regulation) compliance ready.
GDPR's parameters for data protection mean people have more control over their personal data and businesses are put on a level playing field.

ISO/IEC 27001 & 27017

International Organization for Standardization certified for Information Security Management (27001) and Cloud Security Management (27017).

FISMA

Compliant with FISMA (Federal Information Security Management Act), a federal law requiring an information security and protection program.

FIPS 140-2

Compliant with FIPS 140-2 (Federal Information Processing Standard), a government-approved cryptographic computer security standard.

HIPAA

DOMA is compliant with HIPAA (Health Insurance Portability and Accountability Act of 1996) regulations protecting private health information records.

Virginia Values Veterans

DOMA is Virginia Values Veterans V3 Program Certified, has demonstrated to the Commonwealth that it values Veterans, and has made a public commitment to hire Veterans into its workforce.

Employee Training

At DOMA, all employees go through training to enforce company-wide security and compliance. Training is repeated by each employee in 12-month cycles.
  • Initial Cybersecurity Training occurs for all employees during the onboarding process, including HIPAA, PII, PHI, Cybersecurity Best Practices, Password Security, and Facility Security.
  • Training is role-based:
    • Developers go through OWASP and other specialized programming security training.
    • IT Administrative Professionals go through additional training to understand best practices for protecting upper-level systems.

Digital Solutions

We ensure your documents are carefully tracked and your information never falls into the wrong hands.

Here are some of the security steps we take during the Digital Conversion/Document Scanning process to protect your business's records:

  • Records are transported in our GPS-monitored, speed-tracked, and secure DOMA vehicles. These vehicles make no stops from your facility to a Secure DOMA Facility.
  • DOMA Facilities are secured at every entry point with access only to authorized personnel.
  • We follow the HIPAA Regulations for safeguarding Protected Health Information (PHI) and Personally Identifiable Information (PII).
  • Within DOMA’s facility, there are secure conversion spaces with access given to employees based on role and project clearance.

When the conversion is finished, there are 3 options for the safe disposal or return of converted documents:

  1. The destruction of all converted documents on-site, including a Destruction Certificate
  2. The secure return of all documents to your organization’s facility
  3. Long-term storage in a protected facility

Cloud Solutions

Our cloud services make engaging with your content easy while adhering to the highest standards of data protection.

All processing takes place within Amazon Web Services’ (AWS) highly secure environment:

  • DOMA’s security best practices incorporate AWS’s IT infrastructure. AWS augments our compliance with a variety of IT security standards:
    • SOC 1 / SOC 2 / SOC 3
    • FISMA / FedRAMP / DoD SRG Levels 2 and 4 / FIPS 140-2
    • PCI DSS Level 1
    • ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018
    • ITAR
  • AWS is a secure environment that meets HIPAA compliance.
  • Being compliant with the Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) allows DOMA to serve DoD customers on the Cloud.

Compliance:

HIPAA | FISMA | PCI DSS Level 1 | FIPS 140-2 | ISO 9001:2015 | GDPR | CCPA | SOX | GLBA | AWS Partner | Listed on the CSA STAR Registry

DX Engage Platform

Our software is designed to keep you in full control of how your data is accessed.

Simplify records management and safeguard your records with our Secure Document Management Software.

Our DX Software is designed with your security needs in mind:

  • Customize User Access: Effectively implement granular access controls by creating different user levels of access and delegating privileges for each level.
  • Simplified Auditing: Set up reports/audits to keep track of organization-wide activity such as:
    • Audit User Actions
    • Track System login/logout
    • Track Document Creation/Editing
    • Track User Creation
  • Audit logs cannot be altered, thus offering increased security.
  • Our DX Software is encrypted during transmission and at rest.
  • The software can be restricted to a white-listed group of IPs if desired.
  • The DOMA Development Team continuously monitors our DX Software for security vulnerabilities.
  • Our DX Software is hosted in the highly secure AWS Cloud.