At Directions, we understand what it means to be a trusted, strategic partner. We take the obligation of protecting client confidential information such as product concepts, marketing plans, personally identifiable information (PII), and regulated data very seriously.
GENERAL DATA PROTECTION REGULATION (GDPR) AND CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
3RD PARTY REVIEW OF SECURITY CONTROLS
Directions’ Privacy Officer and extensive information security policies ensure consistent application of security procedures across the enterprise. Our security policies are based on a hybrid of the CISSP, ISO 17799, and Bindview/Meta Security Groups’ models with additions from sans.org. Information security policies are reviewed and acknowledged by staff annually. Extensive information security logging, monitoring, and auditing demonstrate our commitment to consistent and thorough operational security. Our security framework has been reviewed by Barnes Dennig. Barnes Dennig is a Certified Public Accounting and consulting firm serving organizations since 1965 in Ohio, Indiana, and Kentucky.
Each year, Directions completes a SOC 2 Type II audit assessed by Barnes Dennig. A SOC 2, Service Organization Control Report (www.aicpa.org/soc), is issued under the AT Section 101 attest standard. It focuses on a business’s non-financial reporting controls as they relate to security and confidentiality. The Type II variety tests the effectiveness of controls as executed over a six-month evaluation period. During the same six-month period, Directions completed a HIPAA/HITECH and GLBA review, also by Barnes Dennig. HIPAA/HITECH are regulations associated with the healthcare industry. GLBA (Gramm-Leach-Bliley Act) is a regulation associated with the financial industry.