Certifications and compliance
XMedius keeps up with the shifting compliance landscape to keep our online fax solutions, secure file transfer, and unified communications systems current. Our experts work hard to ensure that our customers can continue to communicate securely and effectively within specific industry regulations.
ISO/IEC 27001 – Information Security Management
ISO/IEC 27001, a standard from the International Organization for Standardization (ISO), is a structured methodology for information security and is used as a benchmark for protecting sensitive and private information. It is often understood as an umbrella over other legal requirements, regulations (such as JSOX, SOX, and the Data Protection Directive) or contractual standards (PCI DSS).
XMedius has complied with ISO/IEC 27001 since 2015. This ensures that our information security standards are continuously fine-tuned to keep pace with security threats and vulnerabilities that impact businesses. XMedius covers the 11 major controls required as part of the ISO 27001 compliance standard.
This certification demonstrates XMedius’ commitment to high levels of information security management.
The Health Insurance Portability and Accountability Act
HIPAA (Health Insurance Portability and Accountability Act of 1996) is US legislation that was implemented to protect the confidentiality and integrity of electronic personal health information (ePHI). Compliance means that both virtual and physical networks and servers must be maintained according to HIPAA policies and verified in the event of an audit.
A large and growing number of healthcare providers and IT professionals are using XMedius’ services to process, store, and transmit ePHI. XMedius enables partners and end-customers subject to HIPAA to leverage the secure XMedius environment to process, maintain, and store protected health information according to HIPAA policies.
For more information on HIPAA for individuals and professionals, visit the HHS website.
Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
FERPA states that parents of students under 18, or eligible students (students over 18, or those who have matriculated to an educational institution above high school) be allowed to view and propose amendments to their educational records. The act also mandates that schools must obtain written permission from parents or eligible students in order to release a student’s personally identifiable information.
XMedius enables schools subject to FERPA to leverage the secure XMedius environment to process, maintain, and store protected students’ information in accordance with FERPA policies.
Sarbanes-Oxley Act of 2002 (SOX)
The Sarbanes-Oxley Act of 2002 is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the workplace, as well as improve the accuracy of corporate disclosures. The U.S. Securities and Exchange Commission (SEC) administers the act, which sets deadlines for compliance and publishes rules on requirements.
The SOX act affects not only the financial side of corporations but also the IT departments charged with storing a corporation’s electronic records. The act is not a set of business practices and does not specify how a business should store records; rather, it defines which records should be stored and for how long.
XMedius helps IT departments that are increasingly tasked with creating and maintaining a corporate records archive in a cost-effective fashion that satisfies the requirements put forth by the legislation.
Cyber Essentials Certification
The XMedius European Cloud infrastructure has been third-party certified under the Cyber Essentials program backed by the UK’s National Cyber Security Centre.
Cyber Essentials compliance dictates the level of cybersecurity necessary for many UK government contracts, requiring protections across five technical control themes: firewalls, secure configuration, user access control, malware protection, and patch management.
For more information about this certification, visit the NCSC’s Cyber Essentials website.
Section 508 Amendment to the Rehabilitation Act of 1973
In 1998, the US Congress amended the Rehabilitation Act to require Federal agencies to make their electronic and information technology accessible to people with disabilities. Section 508 was enacted to eliminate barriers in information technology, to make new opportunities for people with disabilities available, and to encourage development of technologies that will help achieve these goals.
Section 508 applies to all Federal agencies when they develop, procure, maintain, or use electronic and information technology. Under the law, agencies must give disabled employees and members of the public access to information that is comparable to the access available to others.
Full system accessibility will depend on the accessibility of the customer’s third-party telephony hardware, but in terms of our software, XMedius is committed to ensuring equal access. For example, CX-E’s functionality is fully TTY compatible (coming and going from the system) and is designed with the extra prompts and configurable response times called for by Section 508.