Compliance

Protection you can trust

We have achieved the following certifications to assure our customers that we are committed to meeting the stringent requirements expected of a trusted service provider.

SOC 2 + HITRUST Examination

A SOC 2 report on the HITRUST CSF control requirements is used as the basis of our cybersecurity and information protection program. HITRUST and the AICPA have collaborated to align the Trust Services Principles and Criteria to the HITRUST CSF. The SOC 2 + HITRUST audit was conducted by an outside assessor organization, certifying that DATAMATX meets and exceeds the requirements for handling sensitive health care information under rigorous HIPAA standards.

FISMA/NIST 800-53

Datamatx has successfully completed an independent Federal Information Security Management Act (FISMA) audit after developing a complete System Inventory, Risk Categorization, and System Security Plan and implementing NIST 800-53 Baseline Security Controls for Moderate Impact Systems, in order to meet strict information privacy and security requirements for processing sensitive information, including State and Federal Tax Information. Most information privacy and security frameworks are based on the NIST controls.

SOC 1/SSAE 18

Datamatx has successfully achieved a SOC 1/SSAE 18 report from a qualified outside audit firm. The report provides assurance regarding the controls at a service organization relevant to the user entities’ internal control over financial reporting, as set forth by the Statement on Standards for Attestation Engagements No. 18 (SSAE 18). SSAE 18 focuses on internal controls at service organizations that affect their clients’ financial statements and includes a written assertion and a vendor risk management program.

HIPAA compliant

Datamatx is HIPAA compliant, meeting the guidelines for protecting electronic protected health information. The Health Insurance Portability and Accountability Act (HIPAA) and the subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act define policies, procedures, and processes that are required for companies that store, process, or handle electronic protected health information (ePHI).

PCI DSS 3.2 (Payment Card Industry Data Security Standard) Compliant

Our compliance with the payment card industry’s data security standards keeps your customers’ payment transactions safe from the vulnerabilities that allow for theft of cardholder data.

Sarbanes-Oxley

DATAMATX works with you to keep your company compliant with all corporate accounting controls required by U.S. federal law.

Full Service Platinum

Full Service Platinum Certification is the highest level of certification from the USPS, providing you with the best service possible for timely, accurate mail delivery at the most beneficial postal rates.