SOC 2 Type 2

This report details the controls for Laserfiche Cloud related to the criteria for the security, availability and confidentiality principles set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).



Laserfiche’s SOC Type 2 Plus covers the security requirements set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), provided within Title 45 Code of Federal Regulations Sections 164.308 – 312 (45 CFR Sections 164.308-312) (the Security Requirements).

DoD 5015.2 Records Management Applications

DoD 5015.2 details the Department of Defense’s baseline requirements for Records Management Applications (RMA), that facilitate adequate and appropriate basis for addressing the basic challenges of managing records in the automated environment that increasingly characterizes the creation and use of records. Laserfiche Cloud records management controls are based on our self-hosted Department of Defense 5015.2 version 3-certified electronic records management capabilities.

Section 508 Compliant

Voluntary Product Accessibility Section 508 Compliance

Laserfiche has published VPATs available for the web client, Public Portal, Import Agent, Connector, Laserfiche Microsoft Office Plug-in, the Laserfiche home page and its tabs including the task listing page and submitting forms, the process automation dashboard, listing pages, each process automation design tool and custom reports.

ISO IEC 27001-2022

ISO/IEC 27001:2022

Laserfiche meets the information security requirements of the ISO/IEC 27001 certification for the information security management system (ISMS) which is the standard for how companies should establish, implement, maintain and continually improve an information security management system.

Learn More

SEC Rule 17a-4

Laserfiche Vault is a Laserfiche Cloud solution package of services and cloud-based features that supports stringent non-alterable record archival requirements such as WORM (write once, read many) compliance required by SEC Rule 17a-4 for broker dealers. Beyond financial services, Laserfiche Vault’s strict compliance mode can also be applied to support rigorous records management practices for electronically stored information (ESI) requiring prevention of any unauthorized alternations or deletions of digital records.



Laserfiche has completed the Higher Education Community Vendor Assessment Toolkit (HECVAT).

Contact Us for Your ECM Needs

Whether you have product questions, support needs, or want to partner with us, we’re here to help you on your digital transformation journey. Fill out the form and a Laserfiche team member will be in touch as soon as possible.