Gathering of private data – NapkinBetaBeyond maintains SSL/TLS encryption (e.g. HTTPS) whenever private end-user data is collected. Data is stored in one of several venues depending on the needs of the project. Options include 1) outsourcing the data storage to a secure facility or 2) storing data in a local database protected with encryption and hashing algorithms. NapkinBetaBeyond follows the guidelines outlined at http://www.informationshield.com/usprivacylaws.html (United States) and http://www.informationshield.com/intprivacylaws.html (international).
Health Care Cloud Products – Our engineers adhere strictly to the Health Insurance Portability and Accountability Act (HIPAA). For every project that falls under HIPAA, a dedicated team is assigned to perform quality assurance audits and maintain HIPAA compliance.
Government: FISMA, DIACAP and FedRAMP – In the United States, government agencies are required to follow several compliance procedures. NapkinBetaBeyond adheres to the following compliance specifications and policies:
- Department of Defense – DIACAP, NSCAP
- Cloud – FedRAMP Baseline Security Controls
- FISMA Reporting – NIST 800-18 (Guide for Developing IT System Security Plans), NIST 800-26 (Self Assessment Questionnaire), Quarterly and Annual Reporting
Credit Card Processing – All products that utilize credit card processing are required to be Payment Card Industry Data Security Standard (PCI-DSS) compliant. Even if your product does not store credit card credentials, you will still be held liable. Our engineers are trained in the nuances of each credit card vendor; the tests and procedures required vary with the vendor used for the product.
ISO/IEC 27001 – NapkinBetaBeyond follows standard practice for coding principles, data management, and security.
W3C Consortium – All products with HTML/CSS components are scanned before being deployed to production. Standards are outlined at http://www.w3.org/. Scans are conducted from multiple sources including:
Financial Sector BITS – The BITS Shared Assessments program (http://sharedassessments.org) is a process that allows financial institutions to conduct risk assessments against service providers. NapkinBetaBeyond is a vendor that leverages the Shared Assessments program. Our engineers have completed the Shared Information Gathering questionnaire (GIS).
For any questions regarding standards and compliance, feel free to contact NapkinBetaBeyond at (214) 705-2900 or toll free at (866) 858-1213.