Three Pillars of Security

These three security pillars allow us to meet and exceed the most stringent requirements associated with data communications, and materials-handling for the financial, medical, biotech and insurance industries.

SOC 2 Audits

Once every two years, Kaye-Smith undergoes an examination by independent auditors of its controls relevant to security, availability, processing integrity, and confidentiality (SOC 2) to determine if the controls are properly designed, placed in operation, and effective in allowing Kaye-Smith to comply with Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (TSP Section 100). The result of the examination is the issuance of a SOC 2 Report by the auditors to Kaye-Smith management.

The auditor’s independent examinations are performed in accordance with Statements on Standards for Attestation Engagements (SSAEs) as provided in the codified SSAEs, AT Section 100 Attest Engagements and in accordance with the AICPA (American Institute of Certified Public Accountants) Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing, Integrity, Confidentiality, or Privacy.

ISO 27001 Information Security Management

Kaye-Smith is ISO 27001-certified, meaning that the company has met the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security management system (ISMS). This certification satisfies the federal requirements of Gramm Leach Bliley, HIPAA, and state reporting requirements.

Business Continuity and Disaster Recovery

Risk analysis, an on-going process at Kaye-Smith, has resulted in the inclusion of a back-up generator and an uninterruptible power supply (UPS) at Kaye-Smith’s processing centers. If a power failure occurs, most of Kaye-Smith’s operations continue uninterrupted. In addition, Kaye-Smith has replicated the systems and equipment in its Portland facility for a redundant business continuity solution. This redundant site is used to image and process mail on an ongoing basis.

Associations

• Amerinet / Health Resource Services
• ASI – Advertising Specialty Institute
• Bellevue Chamber of Commerce
• Greater Portland Postal Customer Council
• Healthcare Financial Management Association
• King County Chapter of Credit Unions
• NWCUA – Northwest Credit Union Association
• NWPMA – Northwest Promotional Marketing Association
• OBA – Oregon Bankers Association

• PODI – Print-on-Demand Institute
• Puget Sound Postal Customer Council
• PPAI – Promotional Products Association International
• PSAMA – Puget Sound Chapter, American Marketing Association
• Renton Chamber of Commerce
• Seattle Metropolitan Chamber of Commerce
• WBA – Washington Bankers Association
• WSHMMA – Western States Healthcare Materials Management Association
• Xplor

Certifications

•  ISO 27001 for Information Security

•  SOC 2 audited