Confidentiality Statement and Information Security Controls

File Keepers adheres to stringent industry standards. As a member of PRISM, File Keepers consistently upgrades its Document Security Process to ensure privacy and physical security and our compliance with federal regulations (i.e., Gramm-Leach-Bliley Act, Title V, Sarbanes-Oxley, HIPAA Act of 1996 and HITECH Act of 2008).

These policies are in effect and are reviewed and edited often to accommodate our changing technologies. Operational procedures are available and are adhered to on a daily basis. Furthermore, cross-training between assigned personnel is always in effect. There is a pre-employment screening process for potential employees, which includes background and drug testing. Lists of authorized personnel are maintained. Device restrictions and access lists exist where they are appropriate.

Our facilities are secure, state-of-the-art record centers with industry- and regulatory-mandated fire suppression systems, seismically designed shelving, and intrusion alarms. Strict ID badge/security access procedures are in place. Our secure fleet of vehicles is equipped with GPS tracking for remote monitoring, and all drivers use load validation scanners and printers and participate with management in frequent audits of security procedures.

In today's business climate, a large responsibility rests on FILE KEEPERS' shoulders. 'Privacy', 'Security' and 'Confidentiality' have become key issues within our industry and are vital to FILE KEEPERS' business operation. With the strict regulations brought forward through the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Gramm-Leach-Bliley Act of 1999, the Sarbanes-Oxley Act of 2002 (Enron Act), and the Federal Financial Institutions Examination Council (FFIEC), many businesses are turning to FILE KEEPERS to ensure the safety, security, privacy and confidentiality of their records.

All access to data is restricted, controlled and monitored by the MIS Department and, as stated above, no access is granted without written approval. All employees must attend orientation sessions regarding security awareness and read and sign a copy of our company security and usage policies and practices. We require all employees to re-read our company security and usage policies and sign them periodically. User account additions, modifications, and terminations are conducted immediately by MIS staff upon notification by HR and Operation managers. No authorization to technologies or systems is ever established without written authorization from Operations management.

Explicit multi-management approvals are in place. Explicit authentication procedures are in effect, and encryption is used where applicable. Devices applied to our tasks are seldom required to be labeled on a per-user basis, since much of the desktop automation is in a multi-user environment. However, mobile devices are assigned and these assignments are recorded. The acceptable use of technologies is defined and enforced. Locations for network technologies are closely defined and guarded for proper security and environmental conditions.

We do not maintain a list of company-approved products. All automation purchases are vetted through our MIS Department, which in turn selects the most appropriate technologies for each specific need at that time. The vetting process is dominated by standardization yet flexible enough to adopt new technologies as they become available and reliable. Automatic disconnection of sessions is always on and applies to both internal and external access. Our policy is to allow access to supporting vendors only when needed, and all access is monitored during the entire session. Few service providers are allowed access to our systems, and those with access to actual data are even fewer. There is no need to generate a list of them. As stated above, contractors are required to read and sign off on our security and access usage policies, and their access is monitored live by an MIS representative at all times. Furthermore, contractors are required to sign further documentation pursuant to non-disclosure rules as well.

For both employees and contractors, our security policies are defined, documented, signed, updated, and revised often. Furthermore, contractors are required to sign further documentation pursuant to non-disclosure rules as well. All security management tasks are assigned, implemented, and monitored by our MIS Department. Although not documented as a formal “Incident Response Plan”, we have in place notification procedures that are followed religiously. These procedures are also modified with changing conditions, and the changes are disseminated in writing.

Our MIS Department prepares and documents all policies and procedures relative to technology usage and security. The responsibility to disseminate this documentation is in the hands of our Human Resources Department. Our MIS Department is responsible for monitoring all security conditions, and this is conducted 24/7/365. All security issues are documented and disseminated within the management of our MIS Department. Further dissemination to Operation managers occurs where needed, and issues are further addressed via changes in our security policies and procedures when appropriate.

1 January 2011 VI.5

Dear Friends,

These are challenging times indeed, both personally and professionally, for every single one of us. But above all else, our hearts go out to those affected by loved ones dealing with adverse health issues related to COVID-19. While we wait to hear news and updates on its status from around the world, it is uplifting to hear about the positive things people are doing in our own communities to help those not able to help themselves. It is encouraging to know that the true spirit of humankind will always shine through during times of struggle.

At File Keepers, we remain open to continue providing mission-critical services to organizations as diverse as hospitals, police departments, municipal governments, and national defense companies. We appreciate your support and patience during this time as we endeavor to provide support as efficiently as possible. Per recommendations by officials related to social distancing, we have reduced staffing levels, so there may be some atypical service delays related to our scanning, shredding, document retrieval, and Laserfiche support services. But rest assured, we will make every available effort to support your needs while continuing to follow the explicit guidelines set forth by the World Health Organization and the CDC to ensure the safety and welfare of our clients, employees and their families. We’re aware that this is a particularly trying time for small businesses. If you have been impacted by a mandatory workforce reduction, we offer a number of other services that can lessen your administrative or accounting burdens. We can receive and scan mail, process checks, and perform other back-of-office tasks. Please don’t hesitate to reach out if you think we can help. We’re here to assist in any way possible.

While the future is unclear at this time, one thing is certain; this, too, shall pass. We are optimistic and hopeful for a speedy end to this global crisis and confident we will persevere by working together, coming together as a global community, and being patient and kind to one another. Thank you for your past patronage, and we look forward to restoring our normal operations in the near future.

Sincerely,

Tom McGovern
File Keepers CEO
