Contact Us
Sign In
Register for Empower 2021 — broadcasting worldwide February 22-26, 2021
Laserfiche empowers millions of organizations across hundreds of industries just like yours.
See what our customers say
Provide advanced data protection for your content with Laserfiche Cloud's robust security controls and advanced audit trail capabilities.
Laserfiche Cloud provides tenant isolation by logically segregating customer data between accounts. Customers do not have access to any other customer’s data or services.
All data sent between Laserfiche customers and applications is encrypted in transit using Transport Layer Security (TLS) with Perfect Forward Secrecy (PFS).
Data-at-rest in Laserfiche Cloud is protected using industry-standard AES-256 encryption.
Multi-factor authentication can be enabled for a Laserfiche Cloud user account.
Laserfiche Cloud supports single sign-on with Active Directory Federation Services (AD FS) and Security Assertion Markup Language (SAML).
Laserfiche Cloud supports industry-standard password controls, such as password minimum length, complexity and history.
Laserfiche performs a vulnerability scan of backend servers that run in the Laserfiche Cloud hosting environment.
Laserfiche engages third-party vendors to conduct external penetration testing of the Laserfiche Cloud system.
Laserfiche Cloud utilizes host-based intrusion detection systems to reduce the risk of data theft by individuals or organizations attempting to gain unauthorized access.
Laserfiche Cloud's firewall configuration settings are regularly reviewed based on industry standards.
Laserfiche Cloud supports auditing of both access to, and modification of, objects in repositories.
Administrators can configure access rights and privileges to limit actions that users can perform across the repository based upon role assignments or group memberships.
Administrators can use access rights to limit and control access to individual documents and objects. For example, security tags restrict access to documents on a document-by-document basis.
The Laserfiche Cloud repository audit log includes details of user actions, including viewing, modifying, creating and deleting documents, and similar operations on metadata and other repository objects.
Create, update and delete user accounts across applications and systems.
Automate the creation, maintenance and deletion of user accounts to reduce the cost and complexity of user management operations and improve security.
Laserfiche addresses several international data privacy and security standards and frameworks.
This report details the controls for Laserfiche Cloud related to the criteria for the security, availability and confidentiality principles set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).
Laserfiche's SOC 2 Type 2 covers the security requirements set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), provided within Title 45 Code of Federal Regulations Sections 164.308 – 312 (45 CFR Sections 164.308-312) (the Security Requirements).
Laserfiche addresses privacy regulatory requirements in Laserfiche Cloud and as part of our business operations. This includes the California Consumer Privacy Act (CCPA) as well as leading international privacy standards such as the General Data Privacy Regulation (GDPR) of the European Economic Area. For more information, see: https://www.laserfiche.com/legal/privacy/.
Laserfiche's Cloud Subscription Agreement incorporates, by reference, a standard data processing agreement for customers with operations in the European Economic Area.
Laserfiche Vault is a solution package of services and cloud-based features that supports stringent non-alterable record archival requirements such as WORM (write once, read many) compliance required by SEC Rule 17a-4 for broker dealers. Beyond financial services, Laserfiche Vault’s strict compliance mode can also be applied to support rigorous records management practices for electronically stored information (ESI) requiring prevention of any unauthorized alternations or deletions of digital records.
Laserfiche has published VPATs available for the web client, Public Portal, Import Agent, Connector, Laserfiche Microsoft Office Plug-in, the Laserfiche home page and its tabs including the task listing page and submitting forms, the process automation dashboard, listing pages and each process automation design tool, and custom reports.
Laserfiche provides detailed technical documentation that describes the functionality and architecture of the product to help support and streamline implementation.
Laserfiche has completed the Cloud Security Alliance Consensus Assessments Initiative Questionnaire (CSA-CAIQ) and it will be available soon.
Laserfiche has completed the Higher Education Community Vendor Assessment Toolkit (HECVAT) and it will be available soon.
Laserfiche will publish a VPAT for mobile app.
Laserfiche is currently working on the ISO 27001 certification for Laserfiche Cloud.
Laserfiche's preventative, detective and corrective controls reduce risk while increasing uptime and availability.
Laserfiche Cloud SaaS services are hosted in multiple regions. Regions consist of multiple availability zones that are comprised of multiple data centers. These data centers are housed in separate facilities with redundant power, networking and connectivity.
Laserfiche publishes a status page that displays the current status of Laserfiche Cloud applications, maintenance notices and outage reports.
Laserfiche Cloud customer data is backed up multiple times per day. Backups are retained for defined periods with support for point in time recovery. All backup data is encrypted. Backup data is replicated and stored in geographically separate data centers. Backup and restoration is tested on at least a quarterly basis.
Laserfiche provides tools for migrating repositories in self-hosted environments to Laserfiche Cloud.
Laserfiche will provide sandbox environments for developers and administrators to test applications and extensions, and preview new features without impacting the production environment.
