Data Security Policy

Version: 1.0

Effective Date: February 1, 2025 / Last Updated: February 1, 2025

1. Purpose

This Data Security Policy outlines the security measures through which the Online Doc Vault’s Electronic Document Management System (EDMS) strives to validate compliance with CMMC Level 1 (L1) standards, with the exception that there is no USA data sovereignty. "Please note that the information provided is not sovereign and may be shared across the global internet infrastructure, making it accessible beyond specific jurisdictions." The EDMS platform is designed, maintained, and continuously monitored by built-in protocols using Microsoft Purview and Sentinel to protect client records, maintain data integrity, and safeguard sensitive information against unauthorized access or loss. Entra ID MFA is used to control access to private portals.

2. Scope

This policy applies to all clients utilizing the Online Doc Vault’s EDMS. It covers the security measures in place to confirm safe storage, controlled access, and secure transmission of electronic documents.

3. Security Controls and Measures

The Online Doc Vault’s EDMS implements the following security controls to protect client data:

  • Access Control:

    • Enforces role-based access control (RBAC) to ensure only authorized users have access to specific documents.

    • Requires multi-factor authentication (MFA) for all system access.

    • Provides detailed permission settings to define user roles with view, edit, or delete privileges.

  • Data Encryption:

    • Encrypts all data at rest and in transit using Microsoft encryption software.

    • Ensures secure communication channels for document transmission.

  • Audit and Monitoring:

    • Logs all access, modifications, and deletions of records for accountability.

    • Provides clients with access to audit logs for transparency and tracking.

  • Data Backup and Recovery:

    • Implements automated, secure backups to protect against data loss.

    • Provides backup for rapid recovery of client documents in the event of a system failure or cyber incident.

  • Secure Data Retention and Disposal:

    • Supports data retention policies in compliance with your requirements.

    • Implements secure deletion protocols to properly dispose of obsolete documents.

4. Incident Response and Reporting

The Online Doc Vault’s EDMS provides dedicated electronic security to monitor, investigate, and respond to potential security incidents:

  • Provides 24/7 digital monitoring for potential security threats.

  • Notifies affected clients immediately in case of a data breach.

5. Client Responsibilities

While Online Doc Vault works to verify a secure EDMS environment, clients must also take measures to protect their data, including:

  • Assigning appropriate user roles and permissions.

  • Reporting any suspected unauthorized access or security concerns promptly.

  • Ensuring their users adhere to best security practices when accessing the system.

6. Compliance and Enforcement

The Online Doc Vault conducts regular system updates and audits to maintain security compliance.

  • Clients will be notified of policy updates or changes affecting their data security.

  • Failure to comply with security measures may result in restricted access to the services or termination of service.

Approval & Acknowledgment

By purchasing and utilizing Online Doc Vault’s services, clients acknowledge and agree to the security measures outlined in this policy and any future updates.