WestFax GLBA Compliance Statement

Gramm-Leach-Bliley Act compliance

GLBA applies to all organizations, regardless of size, that are “significantly engaged” in providing financial products or services to consumers. This includes many companies not traditionally considered to be financial institutions, such as check cashing businesses, payday lenders, mortgage brokers, non-bank lenders, personal property or real estate appraisers, retailers that issue branded credit cards, professional tax preparers, and courier services. The law also applies to companies that receive information about customers of other financial institutions, including credit reporting agencies and ATM operators. In addition to developing their own safeguards, companies covered by the law are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care. This includes cloud-based software providers. Properly implementing faxing into your organization to provide secure, real-time electronic delivery of financial data is crucial to complying with this mandate.

How WestFax helps you ensure your GLB Act compliance.

WestFax takes security seriously. We service thousands of customers of all sizes, and our security protocols and policies are in place to ensure a complete and robust security framework. Utilizing the latest encryption standards and security best practices, WestFax has built a fax network that serves the enterprise faxing needs of financial organizations every day.

Transmitting or receiving Personally Identifiable Information (PII) by fax requires encryption from its origin to transmittal and when the fax data is at rest. We securely store those faxes in the cloud, where they remain encrypted and protected with AES 256-bit encryption. When transmitting fax documents from the customer location, we require TLS 1.2+ enabled protocols from point to point to ensure that all data is encrypted through its entire document lifecycle.

Transmission Security

The highest level of TLS encryption available for data in transit either through our secure website, Print driver or secure API interfaces. WestFax supports TLS protected SMTP email with optional REQUIRE TLS extension in accordance with the IETF RFC 3207 and sFTP with TLS for safe and secure transport of documents to and from customer servers.

High Security Data Centers

WestFax systems are deployed in secure SOC 2 compliant data centers. 24×7 guard staff and Video / DVR surveillance of facility and server cages. ID and Authorization are required to enter building, with extra biometric control of “private cloud” areas. Strictly controlled, logged and audited third party access to the data centers.

Data at rest Security

WestFax assures the privacy of data while within our system by applying encryption at each phase of processing and using Access Control Lists. At rest AES 256 bit encryption of Fax data to guarantee privacy and prevent disclosure from intrusion. WestFax application architecture and file system security controls access for both external and internal system users accessing ePHI.

WestFax Security Details

  1. SECURITY FIRST
    WestFax actively manages and audits its system to provide unsurpassed systems security and incident response. WestFax brings comprehensive compliance support that includes GLBA, FISMA High / NIST SP 800-53, HIPAA, PCI-DSS Level 1, SOC 2 Type II, and SOC 3.

  2. PHYSICAL SECURITY
    WestFax systems are deployed in secure SOC 2 compliant data centers. 24×7 guard staff and Video/DVR surveillance of facility and server cages. ID and Authorization are required to enter building, with extra biometric control of “private cloud” areas. Strictly controlled, logged and audited third-party access to the data centers.

  3. UNIQUE USER IDENTIFICATION
    WestFax ensures the username is unique, and that each session providing access to data is authenticated. Password complexity policies are enforced to ensure that passwords cannot be guessed or compromised. WestFax user activity logging captures access and activity.

  4. AUTHENTICATION
    Existing user login requires a username and password. Access to secure messages can be further protected by multi-factor authentication and an administrator-controlled Access Control List (ACL).

  5. TRANSMISSION SECURITY
    WestFax uses the highest level of TLS encryption available for data in transit, whether through our secure website or secure API interfaces. WestFax supports TLS protected SMTP email with optional REQUIRE TLS extension in accordance with the IETF RFC 3207. FTPS and SFTP with TLS are supported for safe and secure transport of documents to and from your existing servers.

  6. ACCESS CONTROL
    ePHI data is isolated to servers and storage systems in the WestFax “private cloud” environment. Software and systems require user passwords.

  7. DATA INTEGRITY
    WestFax protects the integrity of PII and PHI on its secure platform via end-to-end encryption and decryption of messages transferred over the TLS protocol. A signature protocol prevents data tampering while data is en route. To protect against destruction, all messages are securely archived on a central server after encryption.

  8. AUDIT CONTROL
    Audit logs of external and internal system users are reviewed in real-time to proactively detect and prevent security issues with the online fax services. ID and Authorization are required to enter building, with extra biometric control of “private cloud” areas. Strictly controlled, logged and audited third-party access to the data centers. 24×7 guard staff and Video/DVR surveillance of facility and server cages.

About WestFax

WestFax is a leading secure cloud fax provider based in the United States and serving our customers proudly since 1999. With over 20 years of experience, we have the background and knowledge to ensure your PII and fax data is secure.

Reach out to us today at 800-473-6208 or sales@westfax.com to learn more about our Fax offerings for Financial Networks.