Meet Stringent Regulations with this Compliant File Transfer
We are dedicated to providing industry leading security and regulatory compliance to our customers. SendThisFile, Inc. and our partners comply with specialized regulatory requirements that our small, medium, and Fortune 500 customers must meet. As such, we are able to provide a compliant file transfer service to customers who must meet stringent data privacy and data security regulations. Click here for a detailed list of all the laws and regulations SendThisFile adheres to.
SendThisFile utilizes data centers that have passed a Statement on Auditing Standard (SAS) No. 70 Type II audit conducted by a third party. A SAS 70 Type II audit uses an outside auditor to validate that the internal controls for a company conform to industry best practices. A successful audit signifies that the proper procedures, hardware, and software provide robust security for our servers and that proper data handling is being performed. We are proud of our SAS 70 type II data center status.
Our data centers have also met the requirements of the Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 with an effective date of June 15, 2011.
SendThisFile complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. We have certified our adherence to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification, please visit https://safeharbor.export.gov/list.aspx
The Health Insurance Portability and Accountability Act (HIPAA) specifies a series of administrative, physical, and technical safeguards for covered entities and their Business Associates to use to assure the confidentiality, integrity, and availability of electronic protected health information. The HIPAA omnibus final rule narrowed the "conduit exception" for Business Associate agreements. However, it still recognizes courier services such as the USPS, UPS and their electronic equivalents as exceptions to the Business Associate agreement requirement. A key determinant in meeting or not meeting the conduit exception is the "transient versus persistent nature" of the service offered. SendThisFile, Inc. is a secure file transfer service and not a file storage service. This service is transient in nature and therefore meets the conduit exception.
If your firm requires a Business Associates Agreement, please let us know by contacting us at and we will provide our standard Business Associates Agreement for your review. Our Business Associate Agreement is available for our Enterprise level plans.
If your business has rules and regulations for safeguarding data, a compliant file transfer is a necessity. To discuss your requirements in more detail, contact a product specialist, or start out with a free plan today.