Compliance and Due Diligence Documents
A major advantage of the NetDocuments Service is Compliance as a Service (CAAS). We conduct a range of independent audits and maintain certifications of compliance with major applicable security control standards. The benefits of these certifications pass down to firms and companies using the NetDocuments Service.
Repository administrators have on-demand access to our full set of compliance and due diligence response documents through the Security Center in the Repository Administration Console.
The documents available through the Security Center include the following, among many others:
- ISO 27001/27017/27018 certificate
- Type II SOC 2+ Report
- HIPAA Attestation
- Completed Consensus Assessment Initiative Questionnaire (CAIQ)
- NetDocuments Security Availability and Privacy Due Diligence Response
These documents are updated regularly and provide a comprehensive overview of the technical and operational measures we have in place to ensure the security, privacy, integrity, and availability of the documents our customers entrust to the NetDocuments Service.
Vendor Security Assessments
To help us in responding to the assessment needs of all our customers in a timely and cost-effective way, we ask you to review the documents available through the Security Center and, if that information meets your needs, to accept those materials in place of your own assessment questionnaire. The NetDocuments compliance team is available to respond to any follow-up questions you may have.
If you would still like us to complete your questionnaire, please note the following:
- Requests must be sent to email@example.com, using the methods outlined below.
- Time for audit support and questionnaire completion will be charged to the customer according to rates listed on the Security Audit Fee Schedule, which is available to customer administrators through the Security Center.
- We are not able to complete every security assessment we receive. Assessments accepted for completion are completed and returned on a first-in, first-out basis.
- Questionnaires accepted for completion may take 30-60 days to return. We appreciate your patience.
Because of the increasing problem of phishing and other malicious email messages, email messages containing vendor assessment questionnaires as attachments or links will be rejected unless they are sent from an email address associated with a repository administrator account, and attachments should be sent via a NetDocuments secure document delivery link. If you are directing us to an online assessment tool, please provide the link, credentials, and other instructions in a Word or PDF document and send that document via a secure document delivery link instead of using direct links embedded in the email message itself. We ask that repository administrators coordinate with their corporate IT and security departments to make sure their requests are received and processed in a timely manner.
Independent Penetration Testing
NetDocuments engages independent providers to conduct penetration tests against the Service twice each year. Summary and remediation reports are available to customer repository administrators through the Security Center.
Customers may conduct their own penetration tests on the following conditions:
- All tests must be coordinated in advance with the NetDocuments Compliance Department, which can be reached by emailing firstname.lastname@example.org. NetDocuments reserves the right to limit the scope of any independent penetration and/or vulnerability test.
- All tests must be conducted outside of regular business hours in the service area in which the test is to be conducted.
- Failure to coordinate tests in advance is illegal hacking and will trigger a security response that will result in the suspension of access to your repository.
- Customer penetration test results must be shared with NetDocuments and will be considered NetDocuments’ confidential information.
Compliance Department Contact Information
Please direct compliance inquiries to email@example.com, and a member of the NetDocuments compliance team will respond.