Security & Privacy


DATAMATX treats the privacy and security of our customers’ data and our internal resources’ data as the highest priorities. We have undergone the most rigorous compliance audits in the industry, with independently validated reports on compliance for SOC 1 Type 2, SOC 2 + HITRUST, PCI-DSS v3.2 Level 3, and FISMA/NIST 800-53.

As a data custodian for client PHI, FTI and PII, DATAMATX incorporates the strongest encryption policies to protect and continuously monitor all data and transactions. Multiple firewalls and routers are in place to filter unauthorized inbound network traffic and deny connections not explicitly authorized, following a “deny all, allow by exception” policy. Strong password policies covering complexity, strength, and lock-outs are strictly monitored and enforced. The PCI and FISMA network segments have additional controls deployed for the protection of client-owned information categorized as Moderate impact.

DATAMATX undergoes PCI-DSS qualified vulnerability penetration testing at least twice annually.

DATAMATX facilities incorporate monitored access control systems to secure exterior entrances and internal production areas associated with production or storage of sensitive information. DATAMATX employees are required to wear company-issued identification badges which include their name, picture, employee number, and security access code level.

DATAMATX has a rigorous Risk Assessment and Mitigation policy for identifying, assessing and proactively mitigating risks, follows NIST guidelines, and continuously monitors facility network and access.