
DadeSystems’ top priority is keeping all of our customers’ data secure. We utilize an industry-leading cloud provider that is recognized for its standards in security. To that end, we are audited annually for both SOC1 and SOC2, and we apply our own security protocols at the organizational, architectural, and operational levels to ensure that your data, applications, and infrastructure remain secure.

 

Organizational Security

All DadeSystems employees receive security, privacy, and compliance training when they are hired. Regular training is held throughout the year to keep current on up-to-date security practices and new procedures. Employees at DadeSystems may have varying levels of security access depending on their role, and training is applied based on that role. In the end, security is everybody’s responsibility at DadeSystems.

 

Architectural Security

Processing Relationship
Our customers are responsible for entering their data into DadePay and are therefore the data controllers. DadeSystems is the data processor. This means that you have full control of the data entered into services, as well as all setup and configurations. Because you control your data, and we only process it, you won’t have to rely on us to perform day-to-day tasks.

 

Data Encryption
DadeSystems encrypts every sensitive attribute of customer data before it’s persisted in a database. This is a fundamental design characteristic of the DadeSystems technology.

 

Logical Security
DadeSystems security access is role-based, supporting LDAP Delegated Authentication, SAML for single sign-on, and certificate authentication for both user and web services integrations.

 

Single-Sign-On Support
SAML allows for a seamless, single-sign-on experience between the customer’s internal web portal and DadeSystems. Customers log in to their company’s internal web portal using their enterprise username and password and are then presented with a link to DadeSystems, which automatically gives customers access without having to log in again.

 

DadeSystems Native Login
For customers who wish to use our native login, DadeSystems stores the DadeSystems password only in the form of a secure hash, as opposed to the password itself. Unsuccessful login attempts are logged, as is successful login/logout activity, for audit purposes. Inactive user sessions are automatically timed out after a specified time, which is customer-configurable by user.

 

Operational Security

Physical Security
DadeSystems applications are hosted in state-of-the-art data centers designed to protect mission-critical computer systems with fully redundant subsystems and compartmentalized security zones. Our data centers adhere to the strictest physical security measures including, but not limited to, the following:

• Multiple layers of authentication for server area access
• Two-factor biometric authentication for critical areas
• Camera surveillance systems at key internal and external entry points
• 24/7 monitoring by security personnel

All physical access to the data centers is highly restricted and stringently regulated.

 

Network Security
DadeSystems has established detailed operating policies, procedures, and processes designed to help manage the overall quality and integrity of the environment.

 

Application Security
DadeSystems has implemented an enterprise Secure Software Development Life Cycle (SDLC) to help ensure the continued security of all applications.
This program includes an in-depth security risk assessment and review of DadeSystems features. In addition, both static and dynamic source code analyses are performed to help integrate enterprise security into the development lifecycle. The development process is further enhanced by application security training for developers and penetration testing of the application.

 

Vulnerability Assessments
DadeSystems contracts with third-party expert firms to conduct independent internal and external network, system, and application vulnerability assessments.

 

Application
We contract with a leading third-party security firm to perform an application-level security vulnerability assessment of our web and mobile application prior to each major release. The firm performs testing procedures to identify standard and advanced web application security vulnerabilities.

 

Network
External vulnerability assessments scan all internet-facing assets, including firewalls, routers, and web servers, for potential weaknesses that could allow unauthorized access to the network. In addition, an authenticated internal network and system vulnerability assessment is performed to identify potential weaknesses and inconsistencies with general system security policies.

Data privacy regulations are complex, vary from country to country, and impose stringent requirements. When choosing application vendors, businesses should select one that can comply with their data protection obligations and protect the privacy of their data. With DadeSystems, you gain leading privacy functionality and practices that enable you to meet your privacy obligations.

 

Privacy
DadeSystems founded our privacy program on strict policies and procedures regarding access to and the use, disclosure, and transfer of customer data. The core of our privacy program is that DadeSystems employees do not access, use, disclose, or transfer customer data unless it is in accordance with a contractual agreement or at the direction of the customer.

As data protection issues and global laws continue to evolve and become increasingly complex, DadeSystems understands the importance of a privacy program that is embedded into our company’s culture and services. Our philosophy of Privacy by Design is a testament to this and provides our customers with the assurance they need for the privacy and protection of their data.

 

Review our privacy policy to learn more about how we manage and protect our customers’ information.

Today’s technology leaders are charged with securing and protecting the customer, employee, and intellectual property data of their companies in an environment of increasingly complex security threats. Companies are also responsible for complying with all applicable laws, including those related to data privacy and transmission of personal data, even when a service provider holds and processes a company’s data on its behalf.

 

DadeSystems maintains a formal and comprehensive security program designed to ensure the security and integrity of customer data, protect against security threats or data breaches, and prevent unauthorized access to our customers’ data. The specifics of our security program are detailed in our third-party security audits and international certifications.

 

To help your compliance and legal teams understand and validate the compliance requirements for your organization, we’ve gathered the following compliance resources.

 

Third-Party Audits and Certifications

 

SOC 1

 

Service Organization Controls (SOC 1) reports provide information about a service organization’s control environment that may be relevant to the customer’s internal controls over financial reporting.

 

Our SOC 1 Type II report is issued in accordance with Statements on Standards of Attestation Engagements (SSAE) No. 18 (Reporting on Controls at a Service Organization) and the International Standard on Assurance Engagements (ISAE) 3402 (Assurance Reports on Controls at a Service Organization). The SOC 1 report, covering the design and operating effectiveness of controls relevant to DadeSystems’ applications, is issued annually and covers the twelve-month period of October 1 through September 30.

 

SOC 2

 

The DadeSystems SOC 2 Type II report is an independent assessment of our control environment performed by a third party.

 

The SOC 2 report is based on the AICPA’s Trust Services Criteria and is issued annually in accordance with the AICPA’s AT Section 101 (Attest Engagements). The report covers the 12-month period of October 1 through September 30, and details the design and operating effectiveness of controls relevant to any system containing customer data as part of DadeSystems’ applications. The DadeSystems SOC 2 report addresses all of the Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, and Privacy).

 

HIPAA

 

DadeSystems has completed a Health Insurance Portability and Accountability Act (HIPAA) third-party attestation for DadeSystems enterprise cloud applications, which provides assurance that DadeSystems has a HIPAA-compliance program with adequate measures for saving, accessing, and sharing individual medical and personal information.

 

DadeSystems will sign business associate agreements (BAAs) with our customers when requested. These agreements ensure that our customers are able to meet their HIPAA and Health Information Technology for Economic and Clinical Health Act (HITECH) compliance requirements.

 

CCPA

 

DadeSystems has completed a California Consumer Protection Act (CCPA) assessment for DadeSystems’ applications, which provides assurance that DadeSystems has a CCPA compliance program with adequate measures for safeguarding and using personal information.

 

DadeSystems will sign service provider agreements with our customers when requested. These agreements ensure that our customers are able to meet their CCPA compliance requirements.