VDOCS Security & Compliance: Secure Document Scanning
Our Commitment to Customer Data Security
At VDOCS, the protection of our customers' sensitive data is our highest priority. This document outlines the comprehensive security protocols we have in place to ensure your information remains confidential, secure, and available throughout the entire document management lifecycle.
We understand that you are entrusting us with critical business records, and our goal is to not only meet but exceed industry standards for data protection. Our security framework is designed to build and maintain your trust by:
Protecting Your Data:
We implement robust physical and cyber security measures to prevent unauthorized access, use, disclosure, disruption, modification, or destruction of your information.
Demonstrating Compliance:
Our security protocols are aligned with formal, auditable risk management frameworks, including the guidelines of Vanta, a leading trust management platform. This alignment demonstrates our commitment to a structured, proactive approach to security and compliance, giving you confidence in our processes.
Mitigating Risk:
By following a formal risk assessment methodology, we actively identify potential threats and implement strong controls to mitigate them, ensuring your data is handled with the utmost care from the moment it is in our possession until it is securely returned to you.
The following sections detail our specific security procedures, from the physical handling of documents to our digital data transfer and deletion protocols, all of which are designed to provide you with a secure and reliable service.
Document Custody and Physical Document Handling, Scanning Process
Optional Pick up in Portions/Sections:
VDOCS will pack and pick up the documents per adjuster, complete the scanning of these records, and then pack and pick up the next load. In this case, only a small section of customer records is with VDOCS.
Pick up of Documents:
VDOCS would pack documents in boxes and label the boxes. Documents would be transported to VDOCS in unmarked vehicles. At VDOCS, the documents would be put into our secure storage area.
Scanning of Documents - Ensure Document Integrity
Each workstation would scan only one box at a time. All documents would be taken out of the box, prepared for scanning, and then scanned.
After scanning, the documents will be placed back in the folder and the folder placed in the original box. After the box is completed, it will be labeled as completed and moved back into VDOCS storage.
Conversion:
The electronic scanned images will be indexed and converted to full-text searchable PDF files, and the folder and filing structure will be generated.
Risk Assessment Framework
A. Risk Identification and Assessment
VDOCS identifies potential risks to customer data by considering physical, operational, and cyber threats. We maintain a risk register to document and track each risk, assigning it a risk score based on its likelihood and potential impact. This process is reviewed annually or whenever a significant change occurs.
Identified Risk Scenario: Unauthorized physical access to client documents.
Description: An unauthorized person gains entry to VDOCS's facility and accesses physical client documents.
Risk Score Calculation: Assessed based on the likelihood of a security breach and the potential impact of data loss. The risk score is a product of these two factors.
Mitigation Strategy: The physical security measures outlined below are the primary controls for this risk.
Identified Risk Scenario: Data breach due to unauthorized access to electronic files.
Description: Client data is accessed by an unauthorized party from a workstation, flash drive, or cloud storage.
Risk Score Calculation: Assessed based on the likelihood of a cyberattack and the potential impact of a data breach.
Mitigation Strategy: The data and cyber security measures outlined below are the primary controls for this risk.
Identified Risk Scenario: Data breach due to unauthorized access to a third-party cloud service or sFTP site.
Description: Customer data is compromised due to a misconfigured cloud storage account or an unsecure sFTP connection.
Risk Score Calculation: Assessed based on the risk associated with third-party service providers.
Mitigation Strategy: The secure transfer protocols and dedicated accounts outlined below serve as the primary controls.
B. VDOCS Security Controls and Procedures
The following procedures serve as security controls to mitigate the identified risks.
Physical Security VDOCS Corporation
CCTV:
VDOCS has video surveillance (not internet connected) that monitors all entrances and the document storage location. This serves as a control for physical access risks.
Secured Entrances:
The entrance of the scanning area is monitored, and all doors are securely locked after entering and exiting. Only authorized personnel are allowed in the scanning area. This is a critical access control measure.
Additional Fire Protection:
Additional fire protection (fire extinguisher, sprinkler) is located near the document storage and scanning area. This mitigates the risk of data loss due to fire.
Alarm System:
The facility is equipped with an alarm system. This is a key control for securing the premises outside of business hours.
Access Check and Validation:
All physical access points will be checked by VDOCS personnel to test and validate that all access points are secured. This is a continuous monitoring procedure that ensures controls are effective.
Data, Cyber Security
Responsibility of Physical and Cyber Security, Training, Regulatory Compliance Ownership:
Scanning on Non-Internet connected workstations:
If required by you as our customer, VDOCS will set up scanning workstations that are not connected to the internet or to any internet-connected computer. This is similar to what we do for our On-Customer Premise Scanning Projects. Only these non-internet-connected workstations will be used for the scanning and processing of records from the customer. This is a critical mitigation strategy for cyber risks.
Data Transfer and Delivery
After scanning, indexing and file conversion, VDOCS will transfer the data using one of the following secured methods:
Optional Hard Drives or Flash Drives:
One drive will be used to deliver the already scanned records to the customer. The other hard drive will be used as a backup and stays with VDOCS until the project is completed. Then this hard drive will also be delivered to the customer.
Optional customer sFTP Site:
Files will be transferred via a secure, encrypted sFTP connection. VDOCS will use a unique, dedicated account with a strong password and, if available, multi-factor authentication. Access will be limited to project-specific folders.
Optional Cloud Storage (OneDrive, Google Drive, Dropbox, SharePoint):
Data will be transferred to a dedicated, shared folder in the customer's cloud storage account. The following controls will be implemented:
Secure Access:
VDOCS will only use a specific, project-dedicated user account with a strong password. We will utilize two-factor or multi-factor authentication (MFA) whenever possible.
Encryption:
We will rely on the cloud service provider's built-in encryption for data in transit and at rest.
Need-to-Know Basis:
Access to the shared folder will be restricted to authorized VDOCS personnel on a need-to-know basis.
Optional: Flash Drives:
SanDisk flash drives come with SanDisk SecureAccess software for encryption. The data would be secured with a password and cannot be retrieved without the password. The flash drives and the password would be delivered to the authorized personnel at the customer.
Cloud Storage & sFTP:
Encryption is provided by the third-party service (e.g., OneDrive, Google Drive, Dropbox) and is a prerequisite for using the service for data transfer.
Secure Electronic Data File Shredding:
After completion of the project, all scanned records for this scanning project on the scanning workstations will be deleted using ERASER electronic file shredding software. ERASER file shredding will prevent any possible restoration of any of the scanned images and data. In addition, all records transferred to customer-provided sFTP sites or cloud storage will be securely deleted by VDOCS personnel from those locations after the customer confirms receipt. This ensures all temporary copies of data are removed from VDOCS's control.
Hurricane, Storm Activities:
VDOCS operates from a secure facility (Cat 4) rated for high-wind conditions, ensuring the safety of your documents during a storm. In preparation for a heavy hurricane, we will pause all new scanning projects. Records currently in our care will either be securely stored on-site or returned to the customer, as decided upon in advance. Operations will restart as soon as it is safe to do so. This procedure is a critical part of our risk management and disaster recovery plan.