We are extremely pleased to announce that Dropbox Sign has obtained a SOC 2 Type 1 attestation against the Security, Confidentiality and Availability Trust Services Criteria.
For customers who are subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA), Dropbox Sign can also support HIPAA compliance. Dropbox Sign can now sign a Business Associate Agreement (BAA) with any of our customers in the healthcare, pharmaceutical, and insurance industries. Under a BAA we are contractually bound to operate specific controls to protect your electronic protected health information (ePHI).
We updated our policies, procedures, and infrastructure to support customers who need to be HIPAA compliant. There is no formal HIPAA certification, so for assurance purposes we engaged an independent third party to assess our compliance with the HIPAA Security Standard.
Our Commitment to Security and Regulatory Compliance
One of the challenges every cloud services company faces is establishing customer trust. A SOC 2 attestation enables Dropbox Sign to demonstrate the maturity of our information security program to our customers through an independent third-party attestation. It also validates the measures we have taken to ensure the security, confidentiality, and availability of our customer data.
Per Dropbox Sign’s CTO and Co-founder Neal O’Mara:
“Getting the SOC 2 Type 1 attestation and conformance to the HIPAA Security Standard demonstrates our commitment not only to meet regulatory requirements but to protect our customer data to the best of our ability.”
Meeting the stringent HIPAA and SOC 2 compliance requirements was a journey of more than a year for us. We designed and operationalized enterprise-level security controls, from performing periodic user access reviews to providing HIPAA Security and Privacy training to the relevant employees.
Every person at Dropbox Sign came together and stepped up to ensure that all of our security controls are well designed and operating effectively, and that we are ready to demonstrate the maturity of those controls to a third party with audit-worthy evidence.
What SOC 2 and HIPAA Compliance Means For Our Customers
All of Dropbox Sign’s customers benefit from the enhanced security and compliance posture we built to meet the SOC 2 and HIPAA Security Standard requirements. We can provide customers and prospects a copy of Dropbox Sign’s SOC 2 Type 1 report under NDA upon request. Note that a Type 1 report attests to the design of controls as of a point in time; operating effectiveness over a review period is the subject of a Type 2 report.
If you are an existing customer and would like to extend our services to parts of your business that handle ePHI, please contact your Account Manager.
If you are a prospective customer and interested in procuring our services and signing a Business Associate Agreement with us, please contact firstname.lastname@example.org.