Certifications and compliance
XMedius keeps up with the shifting compliance landscape to keep our online fax solutions current and to ensure that our customers can continue to send and receive files securely within specific industry regulations.
ISO/IEC 27001 – Information Security Management
The International Organization for Standardization (ISO 27001) is a structured methodology for information security and is used as a benchmark for protecting sensitive and private information. It is often understood as an umbrella over other legal requirements, regulations (such as JSOX, SOX, and the Data Protection Directive) or contractual standards (PCI DSS).
XMedius has complied with ISO/IEC 27001 since 2015. This ensures that our information security standards are continuously fine-tuned to keep pace with security threats and vulnerabilities that impact businesses. XMedius covers the 11 major controls, comprising best practices, that are required as part of the ISO 27001 compliance standard.
This certification demonstrates XMedius’ commitment to high levels of information security management.
The Health Insurance Portability and Accountability Act
HIPAA (Health Insurance Portability and Accountability Act of 1996) is US legislation that was implemented to protect the confidentiality and integrity of electronic personal health information (ePHI). Compliance means that both virtual and physical networks and servers must be maintained according to HIPAA policies and verified in the event of an audit.
A large and growing number of healthcare providers and IT professionals are using XMedius’ utility-based cloud services to process, store, and transmit ePHI. XMedius enables partners and end-customers subject to HIPAA to leverage the secure XMedius environment to process, maintain, and store protected health information according to HIPAA policies. For more information on HIPAA for individuals and professionals, visit the HHS website.
Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA states that parents of students under 18, or eligible students (students over 18, or those who have matriculated to an educational institution above high school) be allowed to view and propose amendments to their educational records. The act also mandates that schools must obtain written permission from parents or eligible students in order to release a student’s personally identifiable information.
XMedius enables schools subject to FERPA to leverage the secure XMedius environment to process, maintain, and store protected students’ information in accordance with FERPA policies.
Sarbanes-Oxley Act of 2002 (SOX)
The Sarbanes-Oxley Act of 2002 is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the workplace, as well as to improve the accuracy of corporate disclosures. The U.S. Securities and Exchange Commission (SEC) administers the act, which sets deadlines for compliance and publishes rules on requirements.
It affects not only the financial side of corporations but also the IT departments charged with storing a corporation’s electronic records. The act is not a set of business practices and does not specify how a business should store records; rather, it defines which records should be stored and for how long.
XMedius helps IT departments that are increasingly tasked with creating and maintaining a corporate records archive in a cost-effective fashion that satisfies the requirements put forth by the legislation.
Section 508 Amendment to the Rehabilitation Act of 1973
In 1998, the US Congress amended the Rehabilitation Act to require Federal agencies to make their electronic and information technology accessible to people with disabilities. Section 508 was enacted to eliminate barriers in information technology, to make new opportunities for people with disabilities available, and to encourage development of technologies that will help achieve these goals. The law applies to all Federal agencies when they develop, procure, maintain, or use electronic and information technology. Under Section 508, agencies must give disabled employees and members of the public access to information that is comparable to the access available to others.