CLIENT CONFIDENTIALITYAt Directions Research, we understand what it means to be a trusted, strategic partner. We take the obligation of protecting client confidential information such as product concepts, marketing plans, personally identifiable information (PII), and regulated data very seriously.
3RD PARTY REVIEW OF SECURITY CONTROLSDirections’ Privacy Officer, Director of Information Technology, and extensive information security policies ensure consistent application of security procedures across the enterprise. Our security policies are based on a hybrid of the CISSP, ISO 17799, and Bindview/Meta Security Groups’ models with additions from sans.org. Information security policies are reviewed and acknowledged by staff annually. Extensive information security logging, monitoring, and auditing demonstrate our commitment to consistent and thorough operational security. Our security framework has been reviewed by Plante & Moran. Plante & Moran is the nation’s 13th largest CPA advisory firm with over 2000 professionals and 22 offices spread around the globe.
In March of 2018, Directions successfully completed its annual SOC 2 Type II audit performed by Plante & Moran. A SOC 2, Service Organization Control Report (www.aicpa.org/soc), is issued under the AT Section 101 attest standard. It focuses on a business’s non-financial reporting controls as they relate to security and confidentiality. The Type II variety tests the effectiveness of controls as executed over a six month evaluation period. During the same six month period, Directions completed a HIPAA/HITECH and GLBA review, also by Plante & Moran. HIPAA/HITECH are regulations associated with the healthcare industry. GLBA (Gramm-Leach-Bliley Act) is a regulation associated with the financial industry.
For additional information, please see our detailed white paper or ask your Directions contact / firstname.lastname@example.org.