Our client projects frequently involve processing highly confidential, sensitive, and private information. In today’s environment, our clients need to know their documents and data are secure and safe.
SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Compliance with SOC 2 requirements indicates that an organization maintains a high level of information security. Strict compliance requirements (tested through on-site audits) help ensure sensitive information is handled responsibly. Axion is currently preparing for a SOC 2 audit.
Axion’s entire computing infrastructure resides on the Google Cloud Platform (GCP) which offers the most secure environment possible. All data is encrypted in-transit and data stored on persistent disks is encrypted under 256-bit AES and each encryption key is also encrypted.
Google maintains certifications with regular audits for SSAE16, ISO 21017, ISO 21018, PCI, FedRAMP, and HIPAA compliance. According to Google, “Certifications such as these provide independent third-party validations of our ongoing commitment to world-class security and privacy, while also helping our customers with their own compliance efforts.”
As of 2022, there are 44 Google Cloud Platform data centers (13 in the U.S.) across 15 cities throughout the world, and data is stored redundantly in at least two regions. “Snapshots” of Axion’s entire network are created nightly and retained for 7 days. In addition, all of Axion’s data is backed up once each hour and maintained on a separate cloud platform.
Axion’s firewall rules allow access only to devices whose IP addresses are stored in Axion’s firewalls. Data entry operators have only browser access to published applications and no access whatsoever to a desktop.
Nothing Leaves our Network: Axion’s data entry systems employ a thin client model, which means all processing is done on the server side. All images, data, and processing remain within the secure GCP network. Data entry operators cannot print or download images or data.
When privacy requirements demand it, we can “split” the image and have different parts of the document keyed by different data entry teams. This means that a single data entry operator would never have access to an entire document. This is a complex process, requiring additional programming, and is employed in only a few rare circumstances.
Contact us today to request more information about our standards regarding data entry quality. We serve businesses and other clients throughout the United States.
