
Compliance

Learn more about Alohi’s adherence to industry-standard security compliance standards and certifications

Principle

Having top-notch, world-class security and privacy was not only our number one priority but also the philosophy we built our products and service offering upon. However, to quantify and enhance the quality of our security and privacy practices, we took a step further and committed to certifying ourselves and all our products (SIGN.PLUS and FAX.PLUS) against all relevant certifications and compliance standards. Maintaining the highest standards of compliance is an ongoing process, and we strive to adopt, adapt to and contribute as much as possible to all current and upcoming standards.

Compliance Offerings

ISO/IEC 27001 Compliance

Alohi is certified by an independent and impartial certification institute, EY CertifyPoint, through a series of surveillance and audits. The certificate validates that Alohi has implemented the guidelines and general principles for initiating, implementing, maintaining, and improving the management of information security.

The scope of the information security management system (ISMS) for which Alohi is certified is to ensure the protection of our customers’ data. It applies to all stakeholder relationships with Alohi, including the people, processes and tools required to develop, support and maintain the services and products provided by Alohi.

SOC 2 Type 2 Compliance

The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards.

SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402), both of which are used to generate a report by an objective third party attesting to a set of assertions made by an organization about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.

HIPAA Compliance

We understand the sensitivity and seriousness of keeping patient healthcare data private and secure. That is why we have examined all administrative, physical and technical safeguard specifications with fine precision, addressing all HIPAA requirements to safeguard our customers’ data, individuals’ protected health information (PHI) and electronic protected health information (ePHI). This is why healthcare providers, insurance companies and other covered entities trust us with their most sensitive documents. We are fully compliant with HIPAA.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. The scope of the PCI DSS includes all systems, networks, and applications that process, store, or transmit cardholder data, and also systems that are used to secure and log access to the systems in scope.

We maintain compliance with the current version of the PCI DSS to ensure safe and secure handling of customers’ payment card information, and we apply rigorous data security standards to ensure that our customers’ credit card information remains safe and secure.

GDPR Compliance

The General Data Protection Regulation (GDPR) is a piece of data protection and privacy legislation that applies to citizens in the European Union (EU). As a company that prioritizes the security and privacy of its users, Alohi was already committed to minimizing the collection of users’ information. The GDPR therefore acts as a guideline for our efforts: we only collect the personal data we need to provide the service we are offering. We do not sell personal information to any third party, and personal data is only transmitted to third parties when it is necessary to process a contract and to fulfill our services to our users. We are fully compliant with the GDPR.

CCPA Compliance

While being very similar to the GDPR, the California Consumer Privacy Act (CCPA) is a different piece of data protection and privacy legislation that applies to citizens in California. The CCPA gives Californian residents more control over the personal data that businesses collect and process about them. These rights include, but are not limited to, the right to know, the right to delete and the right to opt-out. We take security and privacy very seriously at Alohi. We are fully compliant with the CCPA.

CSA STAR Program

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. The CSA STAR Certification is a third-party independent assessment of the security of a Cloud Service Provider (CSP) that comprises key principles of transparency, rigorous auditing, and harmonization of standards.

The CSA STAR certificate provides further reassurance to customers and business partners that the organization has established a base maturity level in managing the internal operations relevant to the 16 different security domains in the Cloud Controls Matrix (CCM). See the CSA STAR registry for Alohi.

Data Residency

Meet and exceed your local data residency requirements by storing your faxes in the region of your choice. There are over 20 regions to choose from, including the United States, Canada, Australia, Japan, Switzerland and many more. You can keep your faxes and their backups in the same datacenter or in different datacenters. Regardless of the datacenter location, all faxes and their backups are stored fully encrypted using the 256-bit Advanced Encryption Standard (AES).