Compliance: Privacy and Security Standards
The key component of Octacom’s solution and services is the application of best practices.
Our production facilities adhere to rigorous physical and logistical security standards. These include, but are not limited to: application of the key internal control components of physical protection, control and limitation of access (both physical and logistical), separation of duties, delegation of authority, application of joint/common custody concepts and password protection of sensitive data files. In conjunction with our physical security measures, our security and privacy controls rest on the way we manage our staff and the methods we use to manage and safeguard our clients’ data and images within our production environments.
Octacom strictly follows industry-specific guidelines and policies in order to maintain the utmost in security and discretion in every sector. Below is a list of some of our capabilities and certifications. Not listed below is our compliance with COACH and CHIMA, which apply to our clients in the healthcare sector.
Documented and enforced policies are in place whether we are performing services on-site at our clients’ premises or off-site in one of our production facilities. A detailed description of these capabilities is available to our clients in our Production Systems Information and Data Security Overview.
Regular Audits and HITRUST
Octacom’s physical and information security is regularly tested, validated and audited. Octacom is a SOC 2, Type II Audited organization.
Octacom is also compliant with HITRUST CSF security certification criteria, as attested to by Octacom’s SOC 2, Type II Report. HITRUST’s Common Security Framework (CSF) has been assembled by North America’s largest health care service organizations in healthcare, technology and information security, and is one of the most well-respected frameworks of its type. Octacom is proud to have undertaken this initiative.
Protected Level B – Private
Octacom maintains reliability status to include Document Safeguarding Capability up to and including Protected Level B. This level of protection covers medical records, financial information and other forms of personal information. We take extreme care to ensure your information is always secure and protected.
Octacom is registered with the Canadian Controlled Goods Registration Program (CGRP) and maintains a valid Controlled Goods Certificate enabling the examination, processing and transferring of Controlled Goods in accordance with the Defence Production Act.
PIPEDA and PHIPA
Octacom Limited is a PIPEDA (Personal Information Protection and Electronic Documents Act) and PHIPA (Personal Health Information Protection Act) compliant organization with designated privacy officers, written privacy policies and a staff privacy training program. We understand the confidential nature of our clients’ records and the issues surrounding the protection of the personal information that our clients may entrust to us as agents.
Compliant with ITAR
Octacom is compliant with the rules and regulations associated with ITAR, the U.S. government regulation which controls export/import of defense articles and data. Octacom has security systems and procedures in place and is registered to handle ITAR restricted data. Through internal monitoring, secure systems, databases and specialized employee training, we ensure confidential information always remains protected.
Octacom’s team are members of and hold certificates from AIIM (Association for Information and Image Management), a globally respected industry organization providing education, research, best practices and certification in information management.