Security Technology

At Docitt, securing your information is our top priority. We are committed to maintaining the confidentiality, integrity, and availability of the data you maintain on our site. Docitt’s security program takes an integrated approach to infrastructure, applications, and processes to provide comprehensive layered protection of all data. Our primary objective is to provide a secure environment for our customers to manage their online accounts. Docitt employs leading-edge technologies, standards, and business practices to protect your personal information.

Here are some key features of our security technology:

• We have deployed a dedicated environment in a highly secure data center, supported by resilient network architecture.
• We employ state-of-the-art encryption technology both when transmitting and when storing your data.
• Firewalls and security monitoring appliances are deployed throughout our networks for end-to-end protection of our environment.
• We use a sophisticated toolset, based on industry best practices and methodologies, that alerts us to possible threats before they can affect you.
• We test and certify all our applications and systems for effective security controls.
• We are subject to frequent internal and external assessments and audits as part of our continued efforts to improve our security posture.

Here are more details on how we keep you and your information safe:

• All your personal information is transmitted securely using Transport Layer Security (TLS) technology with the highest encryption algorithm available today. These same algorithms are utilized by all of the top U.S. financial institutions. To further protect your information, we use encrypted session cookies, which are common computer tools, to help you easily use the site. You know you are protected when your browser address bar turns green.

When you see the green browser bar, like in the illustration above, www.docitt.com can be displayed in the area where “Identified by Norton” is displayed in the example. When you click on that area, it shows you details about the certificate and verifies that you are on www.docitt.com.

• We have enlisted the services of two industry leaders to verify our security. Symantec is our security certificate provider and its trusted “Norton Secured” security seal is displayed on our site. TRUSTe has certified our privacy policy and privacy practices.
• You can read more about Norton Secured trusted security seal  here 
• Your Docitt login is secured using a one-way 256-bit salted hash, the same security FDIC insured banks are required to use.
• Your documents are also encrypted, and they reside in our secure storage until you choose to delete them.
• We don’t transact with your money on the Docitt website – we are a “read-only” service. No one can manipulate any of the information in your accounts from within the Docitt Service.
• All our employees undergo criminal background checks as a condition of employment. Access to systems holding your personal data is strictly limited and constantly monitored.
• All information is stored on dedicated hardware in a secure datacenter which is monitored 24/7 by bonded and licensed security services.
• Physical access to hardware is controlled by multi-level, biometric authentication.
• We have a comprehensive set of information security policies and operating procedures that are based on the International Standards Organization (ISO) 27001 framework, which is used by the top U.S. financial institutions and U.S. Government agencies.
• All employees are required to comply with our policies and participate in regular security training and awareness education.
• We adhere to the Payment Card Industry (PCI) standard, which is the credit card industry standard against which all groups who process or handle credit cards are tested regularly.
• We employ expert security and compliance officers to certify adherence to our policies. Docitt regularly has security industry experts perform simulated attacks and other tests on our systems to ensure the integrity of our security.

Web Site Account Best Practices

When selecting your “Secret Question” choose answers that are not easily available to someone else.

• Example: If your Secret Question is “What high school did you go to,” It is not recommended that you use the high school you attended if it is posted on your Facebook page. Others will be able to obtain this public information and answer your security question. A secure way to do this would be to use a high school you can remember (e.g., a rival high school, the name of your school district, a high school where you wanted to attend, or your current child’s high school).

Tips for creating a secure password:

Passwords are the first line of defense to access your Docitt account. We recommend you:

• Include special characters [/.!@# ect.. ].
• Numerical characters.
• Mix capital and lowercase letters.
• Include similar looking substitutions, such as the number zero for the letter ‘O’ or ‘$’ for the letter ‘S’.
• Create a unique acronym-based passphrase, such as Everything Is Going To Be Okay becomes “E1GtB0” or the first letter of each word from a verse of a song, such as, “The Stars at night are shining bright,” becomes “Ts@nasb”..
• Include phonetic replacements, such as ‘Luv 2 Laf’ for ‘Love to Laugh’.

Things to avoid:

• Do not use words or acronyms that can be found in a dictionary
• Do not use a password that contains personal information (name, birth date, etc.).
• Do not use keyboard patterns (asdf) or sequential numbers (1234).
• Do not make your password all numbers, uppercase letters or lowercase letters.
• Do not use repeating characters (aa11).

Tips for keeping your password secure:

• Never tell your password to anyone (this includes significant others, roommates, parents, etc.).
• Never write your password down, unless you plan to place it in secure location (Safe Deposit Box).
• Never send your password by email.
• Change your password on a recurring basis (Minimum every year, recommended every 90 days).
• Use a password locker (PWSafe, KeePass, Last Pass, etc.).