One of the most important questions that customers ask us regarding our hosted solution is how secure their data is. We understand that organizations value the information that they put in our DMS. Organizations would like to be doubly sure that there is no risk of compromising data or data loss when their mission critical data is residing on our servers. We take all the necessary steps for ensuring this security. It is a reflection of our confidence in the measures that we take- that a lot of our mission critical data resides in the DocuPhi hosted solution.

Transmission/ Network security:

All the data transfer is DocuPhi happens over the Secure Socket Layer with robust encryption which prevents the possibility of any malicious attack.

Server Security:

Securing the server on which the database resides is a priority.

• We access the servers only with Secure Shell (SSH) on non standard ports and have telnet disabled
• The root access is disabled.
• The IP addresses from which users can connect to the servers are restricted.
• All the sensitive data stored in the database like SSN, Credit Card Numbers, account Information etc. is encrypted.
• Only the personnel directly responsible for maintaining the application have access.
• We have a very stringent policy of periodic password changes; passwords are also changed when there is any reassignment of duties related to server maintenance.
• We ensure that no one person has all the passwords required to reach customer data.
• All activity on the server is logged and monitored closely.
• Multiple firewalls are configured on the server and access to all but necessary ports are disabled.
• The server is regularly updated with the latest security patches and anti-virus definitions.

Application Security:

• An internal firewall is configured within DocuPhi which acts as a further filter on which IP addresses can access DocuPhi. This firewall also facilitates IP address restriction per customer i.e. only the IP addresses configured for a customer are allowed to access data related to that customer. This firewall can also be configured to allow access to certain IP addresses only at certain times of the day.
• DocuPhi has inbuilt role based security- each role can access only a specific set of functionality.
• DocuPhi has fine grained URL based security mechanism which can restrict and control access to specific URLs.
• While DocuPhi does not have any password policies in the out of box solution, we strongly encourage customers to come up with their own password policies which can be then be programmatically enforced.
• DocuPhi logs all access to it, and tags the attempts to access parts of the application that the user did not have access to.

Data Backup