Compliance: Privacy and Security Standards
The key component of Octacom’s solution and services is the application of best practices.
Our production facilities adhere to rigorous physical and logistical security standards. These include, but are not limited to: application of the key internal control components of physical protection, control and limitation of access (both physical and logistical), separation of duties, delegation of authority, application of joint/common custody concepts and password protection of sensitive data files. In conjunction with our physical security measures, our security and privacy controls lie within the way we manage our staff and the methods we utilize to manage and safeguard our client’s data and images within our production environments.
Octacom strictly follows industry-specific guidelines and policies in order to maintain the utmost in security and discretion in every sector. Below is a list of some of our capabilities and certifications. Not mentioned below include our compliance with COACH and CHIMA, which apply to our clients in the healthcare sector.
Documented and enforced policies are in place whether we are performing services on-site at our clients’ premises or off-site in one of our production facilities. A detailed description of these capabilities is available to our clients in our Production Systems Information and Data Security Overview.
Protected Level B – Private
Octacom maintains reliability status to include Document Safeguarding Capability up to and including Protected Level B. This level of protection includes that of medical records, financial information, as well as other forms of personal information. We take extreme care to ensure your information is always secure and protected.
PIPEDA and PHIPA
PIPEDA and PHIPA
Octacom Limited is a PIPEDA (Personal Information Protection and Electronic Documents Act) and PHIPA (Personal Health Information Protection Act) compliant organization with designated privacy officers, written privacy policies and a staff privacy training program. We understand the confidential nature of our client’s records and the issues surrounding the protection of the personal information of which our clients may entrust us as agents.
Octacom’s physical and information security is regularly tested, validated and audited. (SSAE16 SOC1 Type 2)
Octacom is registered with the Canadian Controlled Goods Registration Program (CGRP) and maintains a valid Controlled Goods Certificate enabling the examination, processing and transferring of Controlled Goods in accordance with the Defence Production Act.
Compliant to ITAR
Octacom is compliant with the rules and regulations that are associated with ITAR, the U.S. government regulation which controls export/import of defense articles and data. Octacom has security systems and procedures in place and is registered to handle ITAR restricted data. Through internal monitoring, secure systems, databases and specialized employee training we ensure confidential information always remains protected.