DOMA is a Cloud Leader in Compliance and Security
Our team is constantly in risk assessment mode. Data breaches, data loss, account hijacking, insecure APIs, denial of service, and malicious insiders are at the top of our list of compliance and security concerns, and we prioritize efforts to mitigate those risks.
Compliant with HIPAA regulation (Health Insurance Portability and Accountability Act of 1996) protecting private health records.
Compliant with FISMA (Federal Information Security Management Act), a federal law requiring an information security and protection program.
PCI DSS LEVEL 1
Compliant with PCI DSS (Payment Card Industry Data Security Standard), ensuring that credit card information is maintained in a secure environment.
Compliant with FIPS 140-2 (Federal Information Processing Standard), a government-approved cryptographic computer security standard.
Certified in International Organization for Standardization 9001, Quality Management Systems.
Compliant with the Gramm-Leach-Bliley Act’s standards for protecting the privacy of a customer’s financial information through data encryption before transmission, during transmission, and while at rest, as well as protection of data from physical hazards and from unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
Compliant with the Sarbanes-Oxley Act, ensuring that information stored cannot be tampered with (altered) by any employee. All data is encrypted with AES encryption prior to transmission and while it resides within the data center.
DOMA’s infrastructure is located within Amazon Web Services’ (AWS) highly secure environment. The AWS IT infrastructure provides DOMA with security best practices and a variety of IT security standards, including:
- SOC1 / SOC2 / SOC3
- FISMA / FedRAMP / DoD SRG Levels 2 and 4 / FIPS 140-2
- PCI DSS Level 1
- ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018 / ITAR