WestFax FERPA Compliance Statement

Traditional fax machines (hardware-based machines) are inherently insecure. Because physical access is the key security constraint, it is difficult to maintain security over outgoing and incoming fax documents: keeping documents secure, confidential and correctly routed relies on someone looking at each document, determining its intended receiver and then delivering it to that person. Moving away from traditional hardware-based faxing is the first step in securing your fax architecture and keeping yourself on the right side of the law with regard to FERPA (Family Educational Rights and Privacy Act).

What is FERPA and why do you need to be FERPA Compliant?

The Family Educational Rights and Privacy Act (FERPA) is a law that gives parents and guardians the right of access to their children’s educational records, the right to seek to have the records updated, and the ability to control the disclosure of personally identifiable information from the education records.

Transmitting or receiving Personally Identifiable Information (PII) by fax requires encryption from its origin to transmittal and when the fax data is at rest. We securely store those faxes in the cloud, where they remain encrypted and protected with AES 256-bit encryption. When transmitting fax documents from the customer location, we require TLS 1.2+ enabled protocols from point to point to ensure that all data is encrypted through its entire document lifecycle.

Transmission Security

The highest level of TLS encryption available for data in transit either through our secure website, Print driver or secure API interfaces. WestFax supports TLS protected SMTP email with optional REQUIRE TLS extension in accordance with the IETF RFC 3207 and sFTP with TLS for safe and secure transport of documents to and from customer servers.

High Security Data Centers

WestFax systems are deployed in secure SOC 2 compliant data centers. 24×7 guard staff and Video / DVR surveillance of facility and server cages. ID and Authorization are required to enter building, with extra biometric control of “private cloud” areas. Strictly controlled, logged and audited third party access to the data centers.

Data at rest Security

WestFax assures the privacy of data while within our system by applying encryption at each phase of processing and using Access Control Lists. At rest AES 256 bit encryption of Fax data to guarantee privacy and prevent disclosure from intrusion. WestFax application architecture and file system security controls access for both external and internal system users accessing ePHI.

WestFax Security Details

  1. SECURITY FIRST
    WestFax actively manages and audits its system to provide unsurpassed systems security and incident response. WestFax brings comprehensive compliance support that includes GLBA, FISMA High / NIST SP 800-53, HIPAA, PCI-DSS Level 1, SOC 2 Type II, and SOC 3.

  2. PHYSICAL SECURITY
    WestFax systems are deployed in secure SOC 2 compliant data centers. 24×7 guard staff and Video/DVR surveillance of facility and server cages. ID and Authorization are required to enter building, with extra biometric control of “private cloud” areas. Strictly controlled, logged and audited third-party access to the data centers.

  3. UNIQUE USER IDENTIFICATION
    WestFax ensures the username is unique, and that each session providing access to data is authenticated. Password complexity policies are enforced to ensure that passwords cannot be guessed or compromised. WestFax user activity logging captures access and activity.

  4. AUTHENTICATION
    Existing user login requires a username and password. Access to secure messages can be further protected by a multi-factor authentication and administrator-controlled Access Control List (ACL).

  5. TRANSMISSION SECURITY
    The highest level of TLS encryption available for data in transit either through our secure website or secure API interfaces. WestFax supports TLS protected SMTP email with optional REQUIRE TLS extension in accordance with the IETF RFC 3207, and FTPS and SFTP with TLS for safe and secure transport of documents to and from your existing servers.

  6. ACCESS CONTROL
    ePHI data is isolated to servers and storage systems in the WestFax “private cloud” environment. Software and systems require user passwords.

  7. DATA INTEGRITY
    WestFax protects the integrity of PII and PHI on its secure platform via end-to-end encryption and decryption of messages transferred over the TLS protocol. Signature protocol prevents data tampering while data is en route. To protect against destruction, all messages are securely archived on a central server after encryption.

  8. AUDIT CONTROL
    Audit logs of external and internal system users are reviewed in real time to proactively detect and prevent security issues with the online fax services. ID and Authorization are required to enter building, with extra biometric control of “private cloud” areas. Strictly controlled, logged and audited third-party access to the data centers. 24×7 guard staff and Video/DVR surveillance of facility and server cages.

About WestFax

WestFax is a leading secure cloud fax provider based in the United States and serving our customers proudly since 1999. With over 23 years of experience, we have the background and knowledge to ensure your PII and fax data is secure.

Reach out to us today at 800-473-6208 or sales@westfax.com to learn more about our Fax offerings for Education.