Security & Compliance
Darwill recognizes and appreciates the trust you place in us to process your work and we take that responsibility very seriously. We continue to do our best to ensure that our processes, controls, and standards provide the highest level of secured transaction mail services and produce the expected results. Darwill has implemented extensive security measures, and continues to invest in process and technology improvements to ensure the integrity and security of client data and transaction mail.
SOC2 Type 1
Darwill’s SOC2 Type 1 certification represents a significant ongoing commitment to the quality, integrity, and security of the services provided to you, our client, and by extension to the services you offer your own customers. The SOC2 Type 1 audit, which covers service organizations that hold, store, or process their clients' information, was completed in June 2016 by KirkpatrickPrice. The Service Organization Control (SOC) Type 1 Report is available upon request.
HIPAA
Darwill has been awarded HIPAA compliance. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule sets a national standard for the protection of consumers’ Electronic Protected Health Information (ePHI) by mandating a risk assessment and Physical, Administrative, and Technical Safeguards. The ePHI that an organization manages must be protected against anticipated breaches. According to the Security Rule, each organization must meet the following objectives:
- Ensure the confidentiality, integrity, and availability of the ePHI that it creates, receives, maintains, or transmits
- Protect against any reasonably anticipated threats and hazards to the security or integrity of ePHI
- Protect against reasonably anticipated uses or disclosures of such information that are not permitted by the Security Rule
The HIPAA compliance report is available upon request.
Darwill undergoes yearly security reviews and audits to ensure that we are meeting the requirements of the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry (PCI) standard, and SOC2. These examinations and audits typically include a full range of risk-based assessments of systems, security, standards, processes, and controls.
PCI compliant as of January 2015.
HIPAA and SOC2 compliant as of June 2016.
Network & Data Security
Firewall systems are used to control local and Internet network traffic. Internet usage is monitored and filtered. Darwill uses encrypted channels, including SFTP, FTPS, and HTTPS, for data transfer.
Darwill systems perform real-time monitoring of the network, systems, applications, security performance, and software patch status. Control alerts are generated when designated thresholds are exceeded in any critical area, and software patches and updates are applied automatically. Internal vulnerability and patch-management scans are performed on a regular basis. Viruses and other malicious software are kept in check through network-edge anti-virus, anti-spyware, and intrusion-prevention systems.
Access to Darwill facilities is managed by an integrated card-access system together with CCTV digital video recording. A pre-authorized ID badge is required for entry. Security cameras are strategically located throughout each facility, providing ongoing CCTV surveillance and video retention.
Employee training in security, confidentiality, privacy, and safety is conducted for new hires shortly after they start and is renewed annually thereafter. Employees are also required to sign Code-of-Conduct and Confidentiality agreements.