Security is at the core of the DocuWare Platform. Starting with access to the DocuWare system and the file cabinets the solution is protected by a login procedure as well as secure data exchanges between the components. Authentication checks and verifies the identity of the user logging on ensuring that they are only allowed to access information they have been granted permissions. This security concept applies to IT components or applications that are to access the DocuWare system as well.
DocuWare is certified for SOC 2, Type 2 & ISO 27001 - The Service Organization Control (SOC) governs how to report on the status of internal control parameters, including security and availability. It follows the AICPA Trust Services Principles and Criteria. DocuWare is also certified for ISO 27001.
The DocuWare solution can be used to assist organizations with meeting Privacy Standards including HIPPA- The US Health Insurance Portability and Accountability Act, and CCPA - The California Consumer Privacy Act. HIPAA regulates the protection of sensitive health information to prevent it from being disclosed without the patient’s consent or knowledge. CCPA governs how companies around the world must handle the personal information of California residents. Any violation of the rules may result in high penalties. With DocuWare, you can store and process data and documents to ensure HIPPA or CCPA compliance.
High Level Security Information
- Document Encryption - All documents a restored with AES encryption, the US standard for top-secret documents with the highest military level of secrecy. For maximum protection, DocuWare relies on a key size of 256 bits, with symmetrical keys of 1024 bits. A new symmetrical key is generated for every document. This means that patterns cannot be recognized or keys calculated even with crypto analysis.
- Communication Encryption - The entire data traffic takes place via HTTPS with TLS encryption. This prevents critical data such as passwords and financial information from being captured. All customer data is secured via VPN at data centers used by DocuWare Cloud. In addition, technologies such as HSTS protect the cloud services, for example, against downgrade attacks and cookie hijacking.
- Data Separation - Your organization’s data is strictly separated from the DocuWare system data. All actions are logged.
- Data Storage and redundancy - With DocuWare Cloud, data is stored on a triply-mirrored basis in data centers (depending on the data protection region in the EU or the USA). In addition, the documents are also stored at a second location in the same region. Data can be also stored redundantly in on premise deployments.
24/5 Vendor Helpdesk with your DW Support Contract - DocuWare offers worldwide support 24 hours a day / 5 days a week (Monday-Friday) in case of business-critical incidents. DocuWare Support uses the "Follow-the-Sun" model. Meaning, that depending on which DocuWare support location is active, it will take over and respond to Support Requests coming from customers and partners around the world.