Information Security Overview

At cPaperless, LLC (“cPaperless”) security is very important to us, which is why we have created this statement to disclose how we protect your account data. Your trust is imperative to our mission, not only as a business but as people. We want you to feel secure when using SafeSend and SafeSend Returns. Below you’ll find how cPaperless manages SafeSend and SafeSend Returns data:

Cloud Hosted Servers and Data Centers
The SafeSend Returns servers are hosted in Microsoft Azure. Microsoft Azure utilizes advanced firewall and intrusion detection technology to provide the highest level of security for our customers. The SafeSend Returns servers and firewall are monitored on a 24/7 basis. Each SafeSend and SafeSend Returns client has it’s own siloed database within Microsoft Azure.

Data Backup

Daily back-ups are performed by Microsoft Azure. The data stored in those backups is never decrypted during the process, and backup media is physically secured at all times to ensure the utmost in security. Azure backups are rotated in encrypted form to alternate secured locations in the event of a natural disaster.

Data in Transfer
All data is protected by full encryption during transmission and rest using SHA256 certificates under TLS 1.2 encryption.

Penetration Testing
At least every 12 months penetration testing is performed by a third party to evaluate the security of the cPaperless information technology environment. Testing procedures are used to simulate users attempting to gain unauthorized access to system resources and data by using known vulnerabilities and other “hacking” techniques. Testing of external-facing components, including internet protocol (“IP”) addresses and Uniform Resource Locators (“URL(s)”) simulate a user attempting to gain access to system components through publicly accessible end points from the Internet.

SOC 2 Examination
cPaperless is required to have a Type 1 SOC 2 examination annually. The examination reports on the assertions made by management in their controls with regards to the AICPA Trust Services Principles and Criteria regarding:

  • Security
  • Confidentiality
  • Availability

Reporting Security Issues
If you have discovered a vulnerability in a cPaperless product, please email us at: support@cPaperless.com. Please include a detailed summary of the issue including the name of the product (e.g., SafeSend) and the nature of the issue you believe you’ve discovered. cPaperless will respond to your notification within a reasonable amount of time and will quickly work to fix the reported vulnerability.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.