Information Security Policy Statement

“Data Marshall is committed to ensure the Confidentiality, Integrity, and Availability of information of all stakeholders and its customers, by adopting a formal Business Risk Management Framework and establishing an Information Security Management System. The Information Security Management System is aligned to the business objectives and ensures the security training, business continuity requirements; applicable contractual, statutory, regulatory and legal requirements of the business environment are complied with.”


SOC2 Type 2

The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

The report provides detail on the effectiveness of a service organization’s controls focusing on the trust principles and criteria containing customer data. Data Marshall undergoes independent third-party assessment on all its service offerings. SOC2 compliance and certification provides Data Marshall clients with the trust and assurance that Data Marshall has an effective control system to mitigate operational and compliance risks. It also demonstrates Data Marshall’s commitment to security.


  • Encrypted Claims Transmission
  • Secure FTP site access
  • Secure Scanned Files storage and retrieval
  • Avoid Photocopy of Records
  • Avoid Faxing of Records
  • Avoid PHI details through Emails and Attachments
  • Secure Storage and Retrieval of Records
  • Disclosure of PHI to Patients / Family Members only
  • Use and Disposal of Reports
  • Use of Standard HIPAA Approved Code Sets
  • Non-Disclosure agreements with all the employees


Data Marshall is a Certified ISO 27001:2013 (ISMS-Information Security Management System) company. UL-DQS (, the certification body has certified our system by conducting the ISMS (ISO/IEC 27001:2013) audit on Data Marshall’s ISMS & reviewing the ISMS through subsequent surveillance audits.

Data Marshall’s ISMS policies & procedures address, but not limited to, the following:

  • Data Marshall – Security Policy
  • Physical/Logical Access Control
  • Network Security
  • Workstation Security
  • Information Handling
  • Monitoring Internal Activities
  • Incident Management
  • Data Backup
  • Antivirus
  • Internet Usage
  • Disciplinary
  • Business Continuity Plan


The Payment Card Industry Data Security Standards (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC). Additional information can be found at

Get in Touch

Learn how Data Marshall can help your Organization

Scroll to Top