SendThisFile is dedicated to providing industry leading security and regulatory compliance to its customers. SendThisFile, Inc. and its partners comply with specialized regulatory requirements which our small, medium, Fortune 500 and Fortune 10 customers must meet. As such, SendThisFile, Inc. is able to provide a robust managed file transfer service to customers who must meet stringent data privacy and data security regulations. Click here for a detailed list of all the laws and regulations SendThisFile adheres to.
SendThisFile utilizes data centers that have passed a Statement on Auditing Standard (SAS) No. 70 Type II audit conducted by a third party. A SAS 70 Type II audit uses an outside auditor to validate that the internal controls for a company conform to industry best practices. A successful audit signifies that the proper procedures, hardware, and software provide robust security for our servers and that proper data handling is being performed. SendThisFile is proud of our SAS 70 type II data center status.
SendThisFile utilizes data centers that have met the requirements of the Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 with an effective date of June 15, 2011. SendThisFile is compliant with HIPAA, SAS 70 Type II, SSAE16, PCI DSS, FIPS 140-2, and many more!
SendThisFile complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. SendThisFile has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view SendThisFile's certification, please visit http://www.export.gov/safeharbor/
The Health Insurance Portability and Accountability Act (HIPAA) specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information. The HIPAA omnibus final rule narrowed the "conduit exception" for Business Associate agreements. However, it still recognizes courier services such as the USPS, UPS and their electronic equivalents as exceptions to the Business Associate agreement requirement. A key determinant in meeting or not meeting the conduit exception is the "transient versus persistent nature" of the service offered. SendThisFile, Inc. is a secure file transfer service and not a file storage service. This service is transient in nature and therefore meets the conduit exception.
If your firm requires a Business Associates Agreement, please let us know by contacting us at and we will provide our standard Business Associates Agreement for your review. Our Business Associate Agreement is available for our Enterprise level plans.