Kofax Trust
Security, compliance, and privacy information you can count on
Kofax takes building and maintaining the trust of our customers seriously. Kofax provides robust security, compliance, and privacy programs that carefully consider data protection matters across our suite of products. The Kofax Trust site ensures you have the latest security, compliance, and privacy information at your fingertips.
Highlights of Kofax’s Security Approach
Data Security
Industry standard physical and technical measures to protect you and your data
Product Testing
Robust data and privacy compliance testing and threat and vulnerability management programs
Risk Management
24/7/365 network security monitoring procedures to keep you running
Organization & Management
Dedicated teams of SMEs across privacy, information security, and compliance
Audits & Attestations
Significant investment in maintaining globally recognized certifications and attestations
Communications
Proactive incident response management and communications on security incidents
Certifications, Standards, and Regulations
Click here to view our Information Security Policy which applies for “Cloud Services” and “Public facing SaaS solutions."
SOC 2 Type 1 and Type 2
Kofax has invested significant resources to become a SOC 2 certified organization, which means that Kofax complies with the reporting requirements stipulated by the American Institute of Certified Public Accountants (AICPA). We undergo yearly audits across all aspects of our production operations, including our datacenters, and have sustained and surpassed all requirements.
SOC 3
Kofax is proud to become a SOC 3 certified organization, which means that Kofax complies with the reporting requirements stipulated by the American Institute of Certified Public Accountants (AICPA). The SOC 3 report is a publicly available, executive summary of our SOC 2 report and covers the Security, Availabliity, and Confidentiality Trust Services Principles.
ISO/IEC 27001
Kofax is certified in ISO/IEC 27001, a widely known standard for information security management system (ISMS) and their requirements. It enables organizations to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
PCI DSS
The Payment Card Industry Data Security Standards (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. A third-party PCI Qualified Security Assessor (QSA) assesses Kofax systems and processes on an annual basis and issues an Attestation of Compliance.
Peppol
Peppol is a set of artifacts and technical specifications that enable eProcurement solutions and eBusiness exchange services to be interoperable between disparate systems across Europe. Kofax adheres to the Peppol standard.
GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that regulates the use of personal data of EU residents and provides individuals rights to exercise control over their data. Kofax is compliant with GDPR.
CCPA
The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. Kofax is compliant with CCPA.
HIPAA
The United States Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates the security and privacy of Protected Health Information (PHI) held by covered entities and gives patients an array of rights with respect to that information. Kofax is compliant with the HIPAA security requirements.
Our Commitment to Ethical Behavior and Legal Compliance
Anonymous submission of ethics-related inquiries or suspected violations may be submitted confidentially via the Kofax Corporate Compliance Whistleblower Website, a completely external service.
Learn MoreProtecting Our Customer's Data Privacy
Protecting our customers’ data privacy is a top priority. We are committed to evaluating and updating our privacy policies and practices, and ensuring our continued compliance with GDPR, CCPA, and HIPAA.
Stay In the Know on Kofax Systems
The Kofax System Status site provides real-time information on service availability, performance, and scheduled maintenance events for our cloud products.
