Cyber-attacks and data fraud were included as two of the top five risks CEOs felt they were likely to face when polled at a recent World Economic Forum. As organizations embrace technology at breakneck speed and increasingly move to cloud-based programs, their developments often outpace their ability to safeguard data, and that comes at a price. Research from IBM shows that the average cost of a security breach is $3.86 million globally, with the United States leading the pack at $8.64 million per breach.
Working with government agencies, financial institutions, insurance companies, and large healthcare organizations, DATAMARK knows that the difference isn’t only avoiding catastrophic consequences. Even those with robust data security protocols must sometimes demonstrate their aptitude and controls to win contracts, maintain client relationships, or remain compliant with government regulations. Moreover, when data security expectations exist, they typically impact vendors and contractors every bit as much as they do the company directly responsible for ensuring safeguards are in place.
As a leading business process outsourcing (BPO) company, DATAMARK takes concerns like cyber attacks, data fraud, natural disasters, and even simple human error very seriously and has the expertise to protect a wide variety of organizations across some of the most sensitive industries. But what exactly does that mean? Below, we’ll explore the DATAMARK approach to data security, various frameworks, and compliance guidelines we work with, so it’s easier to see how we keep the data our clients entrust us with safe.
With facilities across the globe, including the U.S., Mexico, and India, DATAMARK has developed robust security protocols of our own that typically exceed the needs of incoming clients. However, if your organization needs something more, we’re happy to create a custom solution.
As you explore the video of our facility in Juarez, just across the border from our headquarters in El Paso, Texas, you’ll be able to see a number of data security measures already in place. Similar features are integrated into each of our locations, though they’re tailored to the types of data involved and client needs.
Note the badges on each of the employees shown in the video. This layer of protection ensures only those with the right credentials can be in the proximity of data. Employees only get their badges after they’ve passed a background check and completed training.
You’ll also see fingerprint scanners used—a high-tech method of access control that goes well beyond the standard. Rooms and workstations where data is held are only accessible to those who need access to perform their jobs as well. For example, those responsible for sorting mail work in different areas from those performing other back-office tasks.
Data backups are handled according to your needs, be it daily, weekly, monthly, or on any other schedule. We can also retain your data for years if needed for regulatory compliance and/or destroy it on your preferred timeline. This is an essential part of business continuity planning and goes a long way toward recovering after an unexpected event.
You may have missed the fire extinguisher on the wall—it was only visible for a moment—but fire protection is yet another way DATAMARK protects your data. We not only install fire extinguishers but train staff on how to use them. Facilities have sprinklers as well. Additionally, some areas are equipped with thermal sensors that identify when a room is warmer than it should be and alert the right team members, so any issues are addressed right away.
“Teachability is one of the core values of DATAMARK,” explains Chris Abilez, a DATAMARK Information Security Specialist. “When it comes to data security, we’re always learning new ways to protect our data and customer data,” he says. This approach helps ensure the team is prepared as new threats emerge.
DATAMARK’s internal team performs regular audits to ensure data security is being handled according to established protocols, but client companies often conduct their own audits as well. In these cases, DATAMARK can provide the documentation necessary to prove compliance with specific frameworks and routinely meets with information security and IT professionals from client companies to ensure all needs are being met.
DATAMARK is SOC 2 compliant and abides by all client requirements for compliance and/or certification under third-party regulations including, but not limited to, PCI and HIPAA. Because of this, we’re able to meet the guidelines of virtually any commonly used data security framework.
Also known as Service Organization Control 2, SOC 2 was developed by the American Institute of CPAs (AICPA). Designed to address the data security needs of service providers, especially those that store customer data in the cloud, SOC 2 compliance is built around five trust principles:
Founded by American Express, Discover, JCB International, MasterCard, and Visa Inc., the Payment Card Industry Security Standards Council (PCI SSC) created the Payment Card Industry Data Security Standard (PCI DSS). Naturally, it addresses the data security needs of organizations that accept their credit cards and focuses on six primary goals.
The Federal Information Security Management Act of 2002 (FISMA) was the United States government’s first attempt at creating data security protocols for all its agencies. Although each agency is permitted to develop its own processes and procedures, FISMA lays out what they must accomplish with them. Organizations that want to be FISMA-compliant will need to look to the National Institute of Standards and Technology (NIST) framework for security.
Healthcare organizations that handle protected health information (PHI) or electronic protected health information (ePHI) are subject to Health Insurance Portability and Accountability Act (HIPAA) regulations. PHI examples include patient names, addresses, account numbers, treatment dates, and patient photos. Organizations have some leeway in how they address compliance with the HIPAA Privacy Rule and HIPAA Security Rule, since organizations ranging from the smallest solo practitioner to multinational insurance companies and government agencies will have varying abilities to safeguard ePHI. Even so, the U.S. Department of Health and Human Services (HHS) is quite clear on the areas that must be addressed.
Those in the healthcare industry may also be concerned about HITRUST certification. Whereas the aforementioned certifications and frameworks were created by insiders within each sector to address their own data security concerns, HITRUST is more of a fusion of multiple data security frameworks. To that end, the group refers to its accreditation as a Common Security Framework (CSF) certification.
The goal of HITRUST is not to be HIPAA-compliant, per se, but rather to have robust data security protocols in place. As organizations earn HITRUST CSF certification, they also institute all the measures necessary to be compliant with HIPAA guidelines and a host of others, such as FTC, HITECH, PCI, COBIT, and NIST.
Data security is one of the many things DATAMARK naturally integrates into our assessment and planning process, whether a company needs help with a contact center, data capture, digital mailroom, or any number of outsourced back-office solutions. If your organization wants to learn more about how DATAMARK can help you become more profitable and efficient while keeping your data secure, contact us for a complimentary consultation.