Overview
Security

Client Confidentiality

At Directions, we understand what it means to be a trusted, strategic partner. We take the obligation of protecting client confidential information such as product concepts, marketing plans, personally identifiable information (PII), and regulated data very seriously.

GENERAL DATA PROTECTION REGULATION (GDPR), CALIFORNIA CONSUMERS PRIVACY ACT (CCPA), AND CALIFORNIA PRIVACY RIGHTS ACT (CPRA)

With EU-US Data Privacy Frameworks certification through the U.S. Department of Commerce, Directions complies with the principles of the General Data Protection Regulation (GDPR), California Consumers Privacy Act (CCPA), and California Privacy Rights Act (CPRA). For further information about our controls, please read our privacy policy and white paper linked below. For additional information, please contact our Privacy Officer.

3RD PARTY REVIEW OF SECURITY CONTROLS

Directions’ Privacy Officer and extensive information security policies ensure consistent application of security procedures across the enterprise. Our security policies are based on a hybrid of the CISSP, ISO17799, and Bindview/Meta Security Groups’ models with additions from sans.org. Information security policies are reviewed and acknowledged by staff annually. Extensive information security logging, monitoring, and auditing demonstrate our commitment to consistent and thorough operational security. Our security framework has been reviewed by Barnes Dennig. Barnes Dennig is a Certified Public Accounting and consulting firm serving organizations since 1965 in Ohio, Indiana, and Kentucky.

Annually, Directions completes its annual SOC 2 Type II audit assessed by Barnes Dennig. A SOC 2, Service Organization Control Report (www.aicpa.org/soc), is issued under the AT Section 101 attest standard. It focuses on a business’s non-financial reporting controls as they relate to security and confidentiality. The Type II variety tests the effectiveness of controls as executed over a six-month evaluation period. During the same six-month period, Directions completed a HIPAA/HITECH and GLBA review, also by Barnes Dennig. HIPAA/HITECH are regulations associated with the healthcare industry. GLBA (Gramm-Leach-Bliley Act) is a regulation associated with the financial industry.

For additional information, please see our detailed white paper or ask your Directions contact/ info@directionsresearch.com.