In 2024, Softdocs took significant strides to reinforce our commitment to security, establishing ourselves as a leader in data safety and compliance.
Each year, we undergo a rigorous SOC 2 Type II, adhering to the same high standards used by our Azure data centers. In partnership with KirkpatrickPrice, an independent audit firm, we recently completed our annual review and received a clean report with no exceptions.
Steve Johnston, Chief Operating Officer at Softdocs, shares:
Ensuring Organization-Wide Compliance with NIST 800-53
We’ve also adopted the NIST 800-53 framework, developed by the National Institute of Standards and Technology (NIST). This framework provides a comprehensive set of security and privacy controls designed to safeguard the confidentiality, integrity, and availability of information systems. NIST is regularly updated to address emerging threats, including mappings and crosswalks to other frameworks and standards.
With KirkpatrickPrice as our strategic partner, we implemented these controls and guidelines to strengthen our security posture. This project included several key milestones and deliverables:
- Conducting a comprehensive asset-based risk assessment.
- Performing a gap analysis of NIST 800-53 controls and best practices.
- Remediating any identified gaps.
- Undergoing a NIST 800-53 audit conducted by KirkpatrickPrice.
Following a meticulous three-month audit, Softdocs successfully implemented the NIST 800-53 cybersecurity framework, affirming our compliance with the highest security standards.
State-Specific Security Compliance
Softdocs has achieved TexasRAMP Level 2 certification, instilling confidence in Texas state agencies, K-12 school districts, and higher education institutions that their data is secure. The Texas Risk and Authorization Management Program provides a standardized approach for security assessment, certification, and continuous monitoring of cloud computing services that process the data of Texas state agencies.
This certification signifies Softdocs’ stringent security standards built to protect our customers’ most sensitive information across our capture, workflow, and document management platform. To maintain this certification, we provide quarterly continuous monitoring updates to the Texas Department of Information Resources (DIR).
Softdocs Hires for New Security Ranger Role
We introduced a new Security Ranger role within the Engineering team to promote a focused layer of defense from security vulnerabilities. Rangers participate in specialized training to gain certifications for their tasks, review all code changes for vulnerabilities, and attend weekly meetings to discuss cybersecurity news and security-related issues within their engineering sphere.
Rangers are assigned to every engineering team so there is a security-focused presence in all planning and design meetings for the developed solutions and enhancements. As we look to the future, Softdocs remains dedicated to staying ahead of emerging cyber threats and maintaining the highest levels of security for our clients. Our commitment to security is not a one-time effort — it’s an ongoing journey.
Learn more about our ongoing efforts to enhance cybersecurity and compliance in this on-demand webinar: “Delivering Secure and Compliant Document Management and Process Automation.”
Tags
