Stay Secure
Your document security is a top priority at Labelify. Every day we ensure that our security is parallel with industry standards and compliance.
ISO 9001:2015
ISO 27001:2013
AICPA SOC
HIPAA
GDPR
Amazon AWS
FERPA
Privacy Shield
certified
certified
SOC II Type II certified
compliant
compliant
physical security
compliant
certified
ISO 9001:2015 certified
The International Organization for Standardization (ISO) 9001:2015 certification demonstrates that Labelify has adopted the International Standard on Quality Management system and that our processes are well defined, managed, and resourced. This certification also illustrates our ability to consistently provide high-quality services, work ethically to comply with applicable regulatory requirements, and exercise great care in protecting your data.
ISO 27001:2013 certified
Labelify International Organization for Standardization (ISO) 27001 certification assures you that our Information Security Management System has been tested and audited in accordance with internationally accepted standards. The certification also means that we implemented a robust risk management process to regularly identify and manage data security risks, and that we satisfy client requirements for industry-standard certifications and high levels of security capabilities.
Certification
Labelify is SOC II Type II certified. We can provide an SSAE 18 SOC 2 report and attestations of compliance, upon request. Labelify services are hosted on the Amazon AWS platform and this document details the ways in which we leverage the massive investments that Amazon continues to make in security to the benefit of our customers.
HIPAA compliant
Labelify is fully committed to helping healthcare providers protect patients’ healthcare information when sending ePHI via Labelify. Labelify is compliant with HIPAA and the Privacy Rule, as well as the Administrative Safeguards, Physical Safeguards and Technical Safeguards of the Security Rule.
GDPR compliance
Labelify recognizes that protecting privacy requires a holistic security program. We’ve completed extensive research and created a resources page with detailed information explaining what GDPR is and how Labelify is compliant.
Amazon AWS
Labelify data centers (handled by Amazon AWS) are state of the art, utilizing innovative architectural and engineering approaches. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure.
FERPA
Labelify helps schools facilitate electronic communication between educators, administrators, and school districts and parents and students in full compliance with FERPA (20 U.S.C. § 1232g; 34 CFR Part 99) as to protect the privacy of student education records.
Third-party Subprocessors
Labelify currently uses third-party
Subprocessors to provide various business functions after due diligence to evaluate their defensive posture and executes an agreement requiring each Subprocessor to maintain minimum acceptable security practices.
Software security
Servers and networking
All servers that run Labelify software in production are recent, continuously patched Linux systems. Additional hosted services that we utilize, such as Amazon RDS, S3 and others, are comprehensively hardened AWS infrastructure-as-a-service (laaS) platforms.
Storage
Labelify stores document data such as metadata, activity, original files, and customer’s data in different locations while also compiling and generating documents when requested. All data in each location is encrypted at rest with AES-256 and sophisticated encryption keys management
Coding and testing practices
Labelify uses external secure third party payment processing and does not process, store, or transmit any payment card data.
Employee access
We follow the principle of least privilege in how we write software, as well as the level of access employees, are instructed to use in diagnosing and resolving problems in our software and responding to customer support requests.
Isolated environments
The production network segments are logically isolated from other Corporate, QA, and Development segments.
Customer payment information
Labelify leverages industry standard programming techniques such as having a documented development and quality assurance processes, and also following guidelines such as the OWASP report, to ensure that the applications meet security standards.
System monitoring & alerting
At Labelify, the production application and underlying infrastructure components are monitored 24/7/365 days a year, by dedicated monitoring systems. Critical alerts generated by these systems are sent to 24/7/365 on- call DevOps team members and escalated appropriately to operations management.
Service levels & backups
Labelify infrastructure utilizes many layered techniques for increasingly reliable uptime, including the use of auto-scaling, load balancing, task queues, and rolling deployments. We do full daily automated backups of our databases. All backups are encrypted.
Vulnerability testing
Web application security is evaluated by the development team in sync with the application release cycle. This vulnerability testing includes the use of commonly known web application security toolkits and scanners to identify application vulnerabilities before they are released into production.
Choose a better partner
Our specialist will guide you through key features of our service offering that are relevant to your business.
Ready to Get Started? We are.
