Compliance

SOC 2 Type 2 Plus

This report details the controls for Laserfiche Cloud related to the criteria for the security, availability and confidentiality principles set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).

HIPAA

Laserfiche’s SOC Type 2 Plus covers the security requirements set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), provided within Title 45 Code of Federal Regulations Sections 164.308 – 312 (45 CFR Sections 164.308-312) (the Security Requirements).

DoD 5015.2 Records Management Applications

DoD 5015.2 details the Department of Defense’s baseline requirements for Records Management Applications (RMA), that facilitate adequate and appropriate basis for addressing the basic challenges of managing records in the automated environment that increasingly characterizes the creation and use of records. Laserfiche Cloud records management controls are based on our self-hosted Department of Defense 5015.2 version 3-certified electronic records management capabilities.

Voluntary Product Accessibility Section 508 Compliance

Laserfiche has published VPATs available for the web client, Public Portal, Import Agent, Connector, Laserfiche Microsoft Office Plug-in, the Laserfiche home page and its tabs including the task listing page and submitting forms, the process automation dashboard, listing pages and each process automation design tool, and custom reports.

VERS v2

Laserfiche Cloud addresses long-term data preservation requirements with a standard format that meets Victorian Electronic Records Strategy (VERS) v2 requirements.

SEC Rule 17a-4

Vault is a Laserfiche Cloud solution package of services and cloud-based features that supports stringent non-alterable record archival requirements such as WORM (write once, read many) compliance required by SEC Rule 17a-4 for broker dealers. Beyond financial services, strict compliance mode available in Laserfiche Vault, can also be applied to support rigorous records management practices for electronically stored information (ESI) requiring prevention of any unauthorized alterations or deletions of digital records.

Upcoming

CSA-CAIQ

Laserfiche has completed the Cloud Security Alliance Consensus Assessments Initiative Questionnaire (CSA-CAIQ) and it will be available soon.

HECVAT

Laserfiche has completed the Higher Education Community Vendor Assessment Toolkit (HECVAT) and it will be available soon.

Voluntary Product Accessibility Section 508 Compliance

Laserfiche will publish a VPAT for mobile app.

ISO 27001:2015

Laserfiche is currently working on the ISO 27001 certification for Laserfiche Cloud.

Ready to transform the way you work?