HITRUST Certified | HIPAA Compliant | SOC 2 Type II | PCI DSS | FISMA | FERPA
Security & Compliance
Secure print, direct mail, and omnichannel customer communications partner for highly regulated organizations and those who value customer data.
Secure by Design
HITRUST Certified, HIPAA Compliant Secure Print & Direct Mail Partner
Your peace of mind is our top priority. And you can rest easy knowing that your data is in safe hands.
From physical security to safe handling of data, Sepire understands the nuances of working with clients in highly-regulated industries and knows what it takes to do things right.
After all, when your name literally means “to protect,” you can’t exactly get away with anything less.
It’s why we spend months every year and hundreds of thousands of dollars to stay ahead of the latest threats, trends, and best practices.
Powered by CompliChain
Built from the ground up with security in mind, our proprietary CompliChain™ technology is designed to keep data secure and encrypted both in transit and at rest. Both our processing infrastructure and production environment are secured. And we’re staffed with some of the best, most security-minded professionals in the business.
From reception to use to destruction, we hold your data sacred and ourselves to the highest standards.
And we have the certifications to prove it.
How Sepire Keeps Your (and your Clients’) Data Safe
From physical security to internal controls, Sepire is committed to providing its clients world-class security. And it’s not just because we have to—security is built into the way we work. When you turn to Sepire for your printing needs, data is secure from reception to use to destruction.
Physical Security
Our security promise starts at our facilities. Visitors are diligently tracked from the moment they arrive and must sign in within seconds of entry. Badge access is required throughout both our offices and our fulfillment centers. It might be an inconvenience (and has resulted in a few spilled cups of coffee), but it’s a necessity.
Data Security
Data—and the controls needed to protect it—are multidimensional. Whether it’s personal health information (PHI), personally identifiable information (PII), sensitive information, or simply information in general, protecting it is our priority.
In compliance with National Institute of Standards and Technology (NIST) and NIST Common Security Framework definitions, we classify information and determine the policies, standards, definitions, and processes needed to protect it.
From access levels to monitoring, we build multiple layers of security around your data to ensure it’s recognized, classified, and protected.
Infrastructure Security
Both in the offices and the production environment, security is built into the way we work. Built on the Microsoft platform hosted in Azure, our CompliChain system combines security, efficiency, and availability into an easy-to-use product. And you can rest assured knowing that we’re adapting to the constantly evolving threat environment:
Internal & External Penetration & Vulnerability Testing: We conduct frequent tests of our security by performing various types of penetration testing to identify and remedy vulnerabilities in a timely manner.
Intrusion Detection, Prevention, & Monitoring: We’ve hired some of the best in the business and use modern tools to monitor, detect, and automatically alert them to incidents.
Third-Party Vendor Management, Monitoring, & Risk Management: Before integrating any third-party services or components, we conduct thorough assessments to ensure third-party vendors meet our requirements—and reassess them annually.
Paired with next-generation firewalls, constant monitoring, file-level encryption, and more, these measures let Sepire protect its internal network—and your data—from unauthorized access.
Corporate Security & Governance
At Sepire, security is baked into the way we think, the way we act, and the way we operate.
Our security framework was developed on day one and continues to be a part of who we are to this day. Here are just some of the ways we’ve baked security into our operations:
Single Sign On (SSO): Internal applications and employee services are authenticated with SSO, requiring complex passwords and multi-factor authentication.
Minimum Permission and Access Reviews: Employees receive minimum permissions by default and are only granted additional access on an as-needed basis. Sepire reviews access on a regular basis to ensure compliance with the principle of least privilege (PoLP).
Security Training: On day one (and every year after that), employees receive comprehensive security awareness and HIPAA training.
Virtual Private Network (VPN): Any access to internal services must be done through a secure Virtual Private Network (VPN) requiring two-factor authentication.
What Makes Us Different?
Five years old—with more than a century of experience. Sepire was built to change—and exceed—your expectations in a secure print, direct mail, and omnichannel communications partner.
And this includes our security footprint. Here are just some of the ways we aim to stand out.
- When you work with us, you work with us. We’re scalable enough to handle everything you can throw at us—so when you put your job in our CompliChain solution, we’re the only ones who ever interact with your data.
- Fulfilling multiple touchpoints requires consistent and comprehensive security. And we don’t just hold up our promises in your direct mail initiatives; we’re locked down no matter how you communicate. Through our partners and processes, your mail, email, text messages, and push notifications reach the right person at the right time—without the opportunity for interference or intrusion.
- Our SLAs are sacrosanct. If we promise an in-home date or window, your mailpiece or package is leaving our facility in time to meet it—no ifs, ands, or buts.
Both our computing environment and production facility are built and equipped to handle planned and unplanned disruptions.
Our print facility in Burr Ridge, Illinois is built to handle whatever the Midwest has to throw at it. We offer a true Tier 1 and Tier 2 business continuity and disaster recovery program so when the ‘worst’ does happen—we already have plans in place to continue operations and meet those SLAs.
Our chief technology officer (CTO) and chief operating officer (COO) have established standards, processes, and procedures to ensure that the job gets done right—both on time and with security in mind.
So when you partner with Sepire, you get the uptime you need so that the job gets done on time and with no hiccups.
Security & Privacy Certifications
At Sepire, security isn’t simply an internal affair. We hold ourselves to the highest standards—and are verified by some of the biggest names in the business.
From required certifications to those that allow us to stand out, our systems are poked, prodded, audited, and ultimately verified as secure, certified, and compliant.
HITRUST Certification
It’s the gold standard of security and compliance. While nearly every certification on this list is table stakes, the HITRUST Framework is the comprehensive, scalable, reliable, and efficient framework for risk management and regulatory compliance.
HITRUST created this framework to help organizations prove that they can meet an ever-changing, ever-evolving threat landscape.
Consolidating more than 50 other security and privacy frameworks including HIPAA, SOC 2, PCI, ISO 27001 and more, the HITRUST Framework ensures we’re able to meet every standard you require—and then some.
And getting this certification isn’t easy—or cheap. But it’s worth it. By working with a HITRUST certified printer, you can rest assured that every question you may have has been asked, tested, and answered.
Annual AICPA SOC 2 Type II Audits & Certification
A SOC 2 audit provides an independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the AICPA. During the audit, a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system are tested.
Sepire undergoes annual audits to ensure that we meet the highest standards set by the AICPA when it comes to data protection.
PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) was created in 2004 and is designed to prevent cybersecurity breaches of sensitive data and reduce the risk of fraud for organizations that handle payment card information.
To achieve PCI DSS certification, organizations need to maintain a secure network, take steps to protect cardholder data, maintain a vulnerability management program, limit access, monitor networks, and keep their information security policy up to date.
And every year, we work with a third-party PCI Qualified Security Assessor (QSA) who assesses processes and systems to provide us with an Attestation of Compliance (AOC).
HIPAA Compliant Printing & Mailing
The Health Insurance Portability & Accountability Act (HIPAA) regulations require that covered entities and business associates take steps to adequately protect personal health information.
As a HIPAA compliant printer, secure mail provider, and direct mail partner for healthcare providers and insurers, we live by the privacy and security standards set forth. And we’re proud to say that through our HITRUST Certification, we’re proven compliant with both the HIPAA Privacy Rule and the HIPAA Security Rule.
FISMA Compliant Printing & Mailing
The Federal Information Security Management Act (FISMA) is a U.S. federal law that requires federal government agencies and their third-party partners to implement an information security program to protect their sensitive data.
This comprehensive security and risk management framework ensures government vendors, service providers, and contractors meet specific standards needed to protect sensitive data in government systems.
Department of Education FERPA Compliance
The Family Educational Rights and Privacy Act (FERPA) was established to provide guidelines and requirements regarding the privacy of student education records. And as a printer with clients in the education space, we take these requirements seriously.
Through secure print release, encryption, audit trails, and more, Sepire works hard to ensure personally identifiable information stays private.