Most tech startups are founded by the tech-obsessed: folks who come up with an elegant answer to a technical problem, then “move fast and break things.” Not so with Applca. Our founders have a background in business and law, so consequently they possess a profound understanding regarding the dangers of undue risk. The solutions our company set out to find were holistic and growth-oriented, not strictly functional. As others were “breaking things,” Applica’s experts were honing holistic solutions to complex business objectives. Our goal was always to anticipate client needs by designing solutions that catalyze profit while reducing exposure to risk. For us, data security has always been as important as extracting said data from documents with speed and accuracy. In other words, we believe that keeping your data safe is a prerequisite for doing our job—so you can do yours with true peace of mind.
All information systems are under threat, at least theoretically. Known and unknown vulnerabilities can be exploited to compromise the confidentiality, integrity, or availability of any information being processed, stored, or transmitted. Threats to information systems can include purposeful attacks, environmental disruptions, human or machine errors, structural failures, and regular old inside fraud. If and when they occur, hacks, theft, leaks, and malfunctions adversely affect organizational operations and assets, individuals, other organizations, and sometimes entire populations and industries.
Because we extract data from documents, we inherently access client data and usually retain parts of it for a time. The materials we gain access to in this way include (a) the documents clients supply as training sets for our foundational models, (b) the processed data we extract, itemize, and present back to the client, and (c) the information we rely on for feedback and data validation purposes. Our work is synchronous with incoming client workflows. In fact, Applica makes these first-order workflows faster and more accurate than ever. However, this means that not only do we access confidential data, but we access data that hasn’t been vetted yet. In fact, we are the reason this data is subsequently so conducive to vetting. All of this puts enormous responsibility on our company to keep client data as safe as possible.
What’s more, virtually all of the data our company processes is confidential even before it reaches our servers and it is strictly regulated as such. Depending on the industry, it is either sensitive information, such as employee and customer names and numbers, or it is highly sensitive information concerning medical and financial records. Our approach to risk involving confidential client data is simple: we reduce it so that it approaches zero, staying within the bounds of what is technologically and scientifically possible today.
By choosing to universally deploy the ISO 27001 Information Security Management System as the initial basis of our protocol, we start out with a highly regarded security standard already in place. Additionally, our services fulfill numerous other requirements in use around the world, including the more stringent GDPR and HIPAA norms. This ensures that both our company’s practices and the way our clients’ data is handled complies with a wide range of regulations. Plus of course it helps ensure that the data we process is as safe as possible in the current threat climate. We then adapt this robust and comprehensive set of globally relevant information security controls to specific client and project needs, customizing the operational plan as needed to eliminate or reduce the applicable threats and vulnerabilities.
Our extended protocol development includes assessing physical, technological, and personnel-related exposure, as well as conducting Data Protection Impact Analysis, which is a comprehensive process of risk assessment and management designed to both build and demonstrate compliance. Thus, thanks to DPIA, once our security protocols are ready, not only is your data as secure as you need it to be in the present threat environment—it is also easy to show proof of this to auditors and regulators.
This ensures that both our company and our clients’ documents are safe and compliant with GDPR and HIPAA requirements implemented as well in our ISMS. To further adapt this comprehensive set of globally relevant information security controls to specific client needs, we go further...
Of course, we use encryption on any data we access for storage or transmission—this is the norm in our line of work. What is unique, however, is that we are able to provide encryption built entirely on a key provided by the client. With all actions logged and non-editable even by us, use of such an encryption key gives clients the closest thing currently available to total control over their data security, even with Applica’s AI processing the paperwork. This is another way we go above and beyond the industry standard to answer the needs of some of our most discerning, future-minded clients.
And, speaking of the future, our mission includes ensuring that Applica’s security protocols stay ahead of the threats. Currently, we are preparing to implement the ISO 27018 code of practice for protection of personal data in cloud computing services and the ISO 27017 code of practice for information security controls in cloud environments. We are also adapting to next-generation SOC2 Type 2 reporting of how a company safeguards customer data and how well such controls are operating. Beyond that, we have enough people who know enough about quantum computing that when quantum cryptology goes live, we’re set to be ready with unbreakable quantum cryptography. But that’s a story for another day!
We set out knowing that being the best at processing data wouldn’t take us far if we weren’t also the best at keeping data safe. So we provide market-leading technology that combines AI-enabled automation, world-class data protection, and the best existing and emergent security standards to deliver groundbreaking data processing that is as low-risk as it gets.
Interested in learning more about the ways Applica can securely optimize your document automation for the future? Contact us for a demo today.