Compliant File Sharing

Helping Your File Sharing Activities To Be Compliant With: GDPR, NSM, HIPAA, SOX, FINRA, FISMA, GLBA, Cyber Essentials UK

Filemail helps you to be compliant with various mandates that govern how file sharing must be implemented. Mandates such as GDPR and HIPAA, to name but two, cover a wide range of use-cases. 

On this page we cover the stipulations within those regulations that explicitly dictate the protocols, security postures, and features that a file transfer service such as Filemail must offer to support clients' compliance requirements.

The mandates we cover on this page are:

  • Cyber Essentials (UK)
  • GDPR (EU)
  • FINRA (US)
  • FISMA (US)
  • HIPAA (US)
  • NSM ICT (Norway)
  • SOX (US)

Access Control & Authorization

Requirements: Permit account access only to authorized personnel. Enforce access levels and access privileges.

Filemail provides: Multi-factor authentication (MFA). Single sign-on (SAML/SSO). Strong password policies. Password-protected download pages. Secret keys when using end-to-end encryption.

Required to comply with: Cyber Essentials, FINRA, FISMA, GDPR, GLBA, HIPAA, NSM, and SOX.

Audit Control

Requirements: Ensure accountability and transparency. Track user and file sharing activity. Immutable Write Once Read Many (WORM) logs.

Filemail provides: Granular user activity and file sharing activity logs. All logs are immutable; they cannot be tampered with. Real-time notifications of file activity such as file received, file sent, file downloaded, etc.

Required to comply with: FINRA, FISMA, GDPR, GLBA, HIPAA, NSM, and SOX.

Breach Detection & Incident Response

Requirements: Detect unauthorized access or anomalous behaviour. Respond quickly to such activity. If a breach is detected, an incident response plan must be in place, as well as a timely alert notifying affected parties.

Filemail provides: AI-enabled threat monitoring. Endpoint Detection and Response (EDR). Detailed Incident Response Plan. Anti-virus & malware scanning. Prompt notification of data breaches.

Required to comply with: FISMA, GDPR, GLBA, HIPAA, NSM.

Data Retention & Lifecycle

Requirements: Retain records for the required period, after which they must be securely deleted. Records must be available during the retention period, and tamper-proof.

Filemail provides: Configurable retention periods for shared files. WORM-compliant immutable logs are stored for as long as the user's account exists. Set a file expiry date, after which the files are automatically and irretrievably deleted. Users can manually delete files at their own discretion.

Required to comply with: FINRA, FISMA, GDPR, GLBA, NSM, and SOX.

Encryption

Requirements: Protect integrity and confidentiality of data in transit and at rest.

Filemail provides: All data transmissions use HTTPS / TLS 1.2. For customers who enable end-to-end encryption, files are also protected with AES-256 encryption at rest, with secret keys controlled by the sender.

Required to comply with: Cyber Essentials, FINRA, FISMA, GDPR, GLBA, HIPAA, NSM, and SOX.

Integrity Protection

Requirements: Ensure files are not altered or tampered with.

Filemail provides: Checksum / cryptographic hash of files before and after transfer. Anti-virus and malware scanning. Executable files blocked from executing if sent through the service.

Required to comply with: Cyber Essentials, FINRA, FISMA, GDPR, GLBA, HIPAA, NSM, and SOX.
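The "hash before and after transfer" check above is easy to reproduce on the client side so that a recipient can confirm a file arrived unaltered regardless of the transport. The following is an added example, not Filemail's own implementation: the sender records a SHA-256 digest in a `sha256sum`-style manifest line, and the receiver re-hashes the delivered file and compares. The file name `report.pdf`, the manifest format and the random sample payload are constructed for the demonstration; the tampered and missing-file cases show what the check must catch.

```python
"""Hash-before / verify-after integrity check for file transfers (added example)."""
import hashlib
import hmac
import os
import shutil
import tempfile

CHUNK_SIZE = 1024 * 1024  # 1 MiB: stream large files instead of reading them whole


def sha256_of_file(path: str) -> str:
    """Hex SHA-256 of the file at `path`, computed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_line(path: str) -> str:
    """One line in the format `sha256sum` emits: '<hex>  <filename>'."""
    return f"{sha256_of_file(path)}  {os.path.basename(path)}"


def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines into {filename: hex_digest}; blanks and '#' comments are skipped."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[name] = digest.lower()
    return expected


def verify_file(path: str, expected_hex: str) -> bool:
    """True if the file's digest matches; constant-time compare avoids leaking match length."""
    return hmac.compare_digest(sha256_of_file(path), expected_hex.lower())


def verify_directory(directory: str, manifest_text: str) -> dict:
    """Check every manifest entry against `directory`.
    Returns {filename: 'ok' | 'mismatch' | 'missing'}."""
    results = {}
    for name, digest in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        else:
            results[name] = "ok" if verify_file(path, digest) else "mismatch"
    return results


def simulate_transfer() -> dict:
    """Constructed end-to-end run: sender hashes, receiver verifies intact, tampered and missing copies."""
    with tempfile.TemporaryDirectory() as sender, tempfile.TemporaryDirectory() as receiver:
        src = os.path.join(sender, "report.pdf")  # constructed sample file, not a real PDF
        with open(src, "wb") as f:
            f.write(b"%PDF-1.7\n" + os.urandom(3 * CHUNK_SIZE + 17))  # spans several chunks
        manifest = manifest_line(src) + "\n"  # what the sender publishes alongside the file

        dst = os.path.join(receiver, "report.pdf")
        shutil.copyfile(src, dst)                      # an intact transfer
        intact = verify_directory(receiver, manifest)

        with open(dst, "r+b") as f:                    # flip one bit in the second chunk
            f.seek(CHUNK_SIZE + 5)
            b = f.read(1)
            f.seek(CHUNK_SIZE + 5)
            f.write(bytes([b[0] ^ 0x01]))
        tampered = verify_directory(receiver, manifest)

        os.remove(dst)                                 # file never arrived
        missing = verify_directory(receiver, manifest)
        return {"intact": intact, "tampered": tampered, "missing": missing}


if __name__ == "__main__":
    print(simulate_transfer())
```

The receiver-side manifest check is the same one `sha256sum -c manifest.txt` performs on a shell; the point of carrying the digest separately from the file is that a single flipped bit anywhere in a multi-megabyte transfer changes the whole digest, while a file that simply never arrived is reported distinctly from one that was altered.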

Patch Management

Requirements: Systems must be kept up to date. Prompt application of critical patches. Update anti-virus and malware detection daily. Regular testing.

Filemail provides: Daily virus definition updates. Regular patching of all servers and systems. Automated system to deploy updates. Penetration testing by third-party cyber-security teams. Internal and external security audits.

Required to comply with: Cyber Essentials, FISMA, GDPR, and NSM.


Security Posture

Requirements: Minimization of attack surfaces. Constant vigilance and monitoring of systems.

Filemail provides: 24/7 monitoring. Intrusion Detection and Prevention Systems (IDS/IPS) to monitor traffic for potential threats and suspicious behaviour, with automatic blocking. Dual-layer firewalls. Network segmentation.

Required to comply with: Cyber Essentials, FISMA, GDPR, NSM, and SOX.

Third-Party Management

Requirements: Ensure vendors handle data in a compliant manner.

Filemail provides: Data Processing Agreements (DPAs) with all third-party vendors, vendor security and sub-processor assessments, ongoing evaluations to ensure continuous compliance, transparent notification to customers of any change in sub-processors.

Required to comply with: FISMA, GDPR, GLBA, NSM, and SOX.

ISO 27001 Alignment

Our security posture aligns with internationally recognized best practices for information security management under ISO 27001. However, to date we have not sought formal certification.

Aiding Compliance With The Following Mandates

Final compliance outcomes depend on how the customer uses the service.

  • Cyber Essentials (UK)
  • FINRA
  • FISMA
  • GDPR
  • HIPAA
  • NSM
  • SOX