COMMPORT

Security

At Commport, the security of our clients’ data is our top priority. We are committed to implementing robust security measures to protect sensitive information, ensuring that our solutions not only meet but exceed industry standards. We adhere to the most stringent security protocols and best practices, continuously evolving our strategies to stay ahead of potential threats. Commport is proud to be SOC II certified; please read below for more information.

Introduction to Security at Commport

In the EDI (Electronic Data Interchange) space, security is paramount, as it involves the exchange of sensitive business documents between trading partners. Ensuring the confidentiality, integrity, and availability of these transactions is critical to maintaining trust and compliance with industry standards. At Commport Communications, we implement robust security protocols, including encryption, authentication, and secure communication channels, to protect data from unauthorized access and breaches. Our solutions are designed to safeguard your business against cyber threats, ensuring that your EDI transactions are not only efficient but also secure.

Certifications

Commport’s SOC II Type II Certification
  • Scope of Certification: Our SOC II Type II certification covers all critical areas of our operations, including data processing, storage, and transmission. It applies to all our services, ensuring comprehensive protection on our EDI, VAN and Datapool Services.
  • Certification Timeline and Renewal: Commport undergoes an annual SOC II audit, ensuring that our security practices are not only maintained but continuously improved. Our most recent certification was awarded on August 19th, 2024, with our next audit scheduled for January 2025.
  • External Audit Process: We engage independent third-party auditors to conduct a thorough assessment of our security controls. This rigorous audit process involves testing and evaluating the effectiveness of our systems, policies, and procedures against the SOC II Trust Service Criteria.
What is SOC II?
  • Explanation of SOC II: SOC II (Service Organization Control 2) is a security audit framework developed by the American Institute of CPAs (AICPA) that evaluates the effectiveness of an organization’s controls in relation to the Trust Service Criteria. These criteria include Security, Availability, Processing Integrity, Confidentiality, and Privacy.
  • Relevance of SOC II Certification: SOC II certification is essential for organizations that handle customer data. It provides assurance to clients that their data is managed and protected with the highest standards of security and privacy. This certification is particularly critical for industries like finance, healthcare, and technology.
What is SOC II Type II?
  • Distinction between SOC II Type I and Type II: SOC II Type I reports assess the design of security processes at a specific point in time, whereas SOC II Type II reports assess the operational effectiveness of these processes over a minimum period of six months. Type II certification demonstrates a consistent and ongoing commitment to security.
  • Importance of SOC II Type II Certification: Obtaining SOC II Type II certification is a rigorous process that validates our long-term adherence to stringent security protocols. It assures clients that we maintain the highest levels of security throughout our operations.

Request a copy of our SOC II Type II Report

Key Security Measures

Data Encryption

  • Encryption at Rest: All data stored within our systems is encrypted using advanced encryption algorithms, ensuring that sensitive information remains secure even if unauthorized access occurs.
  • Encryption in Transit: Data transmitted between our clients and Commport is protected using Transport Layer Security (TLS) protocols, preventing interception or tampering during transmission. Our preferred protocols include AS2 and SFTP.

Access Controls

  • Role-Based Access Control (RBAC): Access to data and systems is granted based on the principle of least privilege, ensuring that only authorized personnel have access to the necessary information.
  • Multi-Factor Authentication (MFA): We require MFA for access to sensitive systems, adding an extra layer of protection against unauthorized access.

Incident Response

  • Continuous Monitoring: Our systems are continuously monitored for any unusual activity or potential threats. We use advanced security tools and third-party services to detect and respond to incidents in real-time.
  • Incident Detection and Response: When an incident is detected, our response strategy includes identifying the source of the breach, containing the threat, and restoring normal operations while minimizing impact. We then perform a root cause analysis to mitigate further threats and to carry lessons learned into the future.

Data Integrity and Confidentiality

  • Integrity Controls: We implement strict controls to ensure that data remains accurate and unaltered during processing. Regular checks and validations are performed to maintain data integrity.
  • Confidentiality Measures: All sensitive data is classified and protected according to its level of sensitivity. We use a combination of encryption, access controls, and monitoring to safeguard confidential information.

Vendor and Partner Security

  • Vendor Risk Management: We conduct thorough security assessments of our vendors and partners to ensure that they meet our stringent security standards.
  • Third-Party Access Controls: Access to our systems by third-party vendors is tightly controlled and monitored. We ensure that vendors have only the necessary access to perform their duties and that all data exchanges are secure.

Privacy and Compliance

Data Privacy Practices

  • Adherence to Global Privacy Regulations: Commport complies with major data protection regulations, including GDPR (General Data Protection Regulation). We ensure that personal data is collected, processed, and stored in compliance with these laws.
  • Client Consent and Data Usage: We collect and use data only with the consent of our clients. All data processing activities are transparent, and clients have full control over their data.

Client Data Handling

  • Data Minimization: We collect only the data necessary for the services we provide. Excess data is either anonymized or securely deleted.
  • Secure Data Management: All client data is managed within secure environments with strict access controls. Data backups are encrypted and stored in secure locations to prevent unauthorized access.

Third-Party Assessments

  • Regular Security Audits: We engage third-party security experts to conduct regular assessments of our systems and practices. These assessments include vulnerability testing, penetration testing, and compliance audits.
  • Continuous Compliance Monitoring: Our compliance team continuously monitors changes in data protection laws and industry standards to ensure that our practices remain up-to-date and compliant.

Ongoing Commitment to Security

Continuous Improvement

  • Adapting to Emerging Threats: At Commport, we recognize that the security landscape is constantly evolving. We are committed to continuously improving our security measures to stay ahead of emerging threats. This includes regular updates to our security policies, employee training, and the adoption of new technologies.
  • Client Feedback: We value feedback from our clients and incorporate it into our security improvement plans. Our goal is to ensure that our security measures align with our clients’ needs and expectations.

Future Certifications and Audits

  • Plans for Future Security Certifications: In addition to maintaining SOC II certification, we are exploring other relevant security certifications to further strengthen our security posture.
  • Regular Audits and Assessments: We plan to continue our practice of regular internal and external audits to validate the effectiveness of our security controls. This commitment ensures that we remain compliant

Frequently Asked Questions

SOC II certification covers the processes, policies, and procedures we have in place to protect client data across the five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

SOC II certification ensures that clients’ data is managed with the highest level of security, providing peace of mind and reducing the need for additional security assessments.

We undergo annual audits, continuously monitor our systems, and implement best practices to maintain SOC II compliance.

If you have any questions about our security practices or SOC II certification, please contact us at sales@commport.com 

To report a potential security concern or breach, please contact us directly at sales@commport.com. All reports are treated with the highest priority and confidentiality.
