GLBA, SOX, & PCI-DSS

The Gold Standard for Secure Compliant File Sharing

Empowering Financial Institutions with Unmatched Security and Compliance in File Sharing

Keep Your Customers’ Data Safe

Navigating the complex landscape of financial regulations can be daunting. But with Sharetru, you're not alone. We're committed to helping you understand and meet the requirements of GLBA, SOX, and PCI-DSS. Our platform is designed to make compliance easy, giving you more time to focus on what you do best—serving your customers.

But we don't stop at providing a secure platform. We go the extra mile with our Advanced Security and Compliance Add-on, offering you additional layers of protection like IDS, IPS, and virus and spyware protection. This means you can share sensitive data with the assurance that it's shielded from unauthorized access.

So, why choose Sharetru? Because when it comes to secure file sharing in the financial services industry, we're the best in the business. Don't just take our word for it, though. Experience the Sharetru difference for yourself. Start your free trial today and discover why we're the trusted choice for financial institutions worldwide.

In the financial services industry, the security of your data isn't just a priority—it's a necessity. That's where Sharetru comes in. We're not just another file sharing platform; we're your partner in maintaining compliance with critical financial regulations like GLBA, SOX, and PCI-DSS.

At Sharetru, we understand that your customers' trust hinges on your ability to protect their data. That's why we've built a platform that puts security at the forefront. With our advanced multistage encryption and comprehensive access control, you can share files with confidence, knowing that your customers' data is safe and your operations are compliant.

Read How To Protect Customers' Data

How Sharetru Streamlines Your Financial Regulation Compliance

Imagine a world where sharing sensitive financial data is as easy as it is secure. With Sharetru, that's not just a dream—it's your new reality, thanks to our robust controls designed specifically for the financial services industry.

Find Out More

Specific Access Rights Assignment As an admin, you're in the driver's seat, handpicking the access rights for each user account. Not only can you authorize specific actions for each user, but you can also put up a 'No Entry' sign for certain IP addresses. With Sharetru, you're not just managing access, you're curating it.

Multistage Encryption

Think of your data as a precious artifact in a high-security museum. With Sharetru, your data—whether at rest or on the move—is cloaked in the latest cipher strength, as impenetrable as a vault. Our SFTP file transfers are safeguarded with AES-256 encryption, while FTPS/HTTPS transfers follow the formidable TLS 1.2 standard. It's not just encryption; it's peace of mind

User Authentication Suspension Imagine a world where user authentication is as automated as your morning coffee. With Sharetru, you can set it and forget it, disabling authentication based on user inactivity or with a simple click. You can even schedule suspensions in advance—because who says security can't be convenient?

Multi-Factor Authentication In the realm of user authentication, one size doesn't fit all. That's why Sharetru offers Multi-Factor Authentication (MFA) via One-Time Passcodes (OTP), giving you the power to dictate delivery methods—be it email, SMS, or TOTP mobile apps. Or, empower your users to choose their own adventure. It's security that adapts to you.

Role-Based Access Controls

Simplicity is the ultimate sophistication, even when it comes to access privileges. Sharetru segments privileges into three roles—Administrator, Team Manager, and User—making GLBA compliance a breeze. We're not just securing your data; we're putting you in control.

Permanent Logs

With Sharetru, your audit logs are as permanent, kept for as long as you need for ultimate data security. Track user activity like a detective on a case, always knowing who did what. It's not just about keeping records; it's about maintaining transparency and making accountability part of your identity.

Email Journaling

Say goodbye to email chaos. Sharetru lets you consolidate message traffic notifications into your chosen internal mailbox, creating a neatly sorted email record for swift access. Keep it private or grant access to select users—your inbox, your rules.

User Jailing

Add an extra layer of security as effortlessly as adding a layer of frosting on a cake. With Sharetru, you can establish basic user-to-folder relationships and configure site-wide settings to keep users within their home folders. It's not just about setting boundaries; it's about fortifying your fortress.

SOX

Establish Controls to Enable Compliance

The goal of all your SOX-based compliance measures should be to protect all financial data. Many companies take the step of encrypting all of their sensitive financial data, guarding it against unauthorized access.

Besides data encryption, your organization should also have appropriate security controls in place to prevent data loss or alteration. Following cybersecurity best practices with regard to granular access controls, user passwords, and file sharing security helps you protect SOX-covered information.

Our platform provides robust baseline security features out of the box, while our Advanced Security and Compliance Add-on gives you the support you need for SOX-compliant file sharing.

The Sarbanes-Oxley Act (SOX) was passed in 2002 to ensure the protection of shareholders and citizens from the accounting errors and fraudulent practices of enterprises. It also helps to confirm the accuracy of these businesses’ public disclosures.

Since all public companies have to comply with SOX, understanding the steps your organization must take to maintain compliance is essential. To stay SOX-compliant, public companies must:

Issue periodic financial statements to be audited by third-party auditors
Promptly report to the public any significant changes to the company’s financial situation
Establish internal controls to detect and prevent fraud, as well as to preserve the integrity of the company’s financial data
Provide an annual management assessment of internal controls to be approved by third-party auditors

Read About Establishing Controls

PCI-DSS

Be Confident in Your PCI-DSS Compliance

All of our servers are located within a highly secure data center in the U.S. Those servers also live within a cloud infrastructure that is both PCI compliant and certified by VISA.

Sharetru enables you to restrict access to users, assign a unique ID or login to each employee, and limit physical access to sensitive data. For advanced protection, our customers’ file sharing sites are hosted behind hardware and software firewalls.

With our platform, you also have the ability to require your users to connect to your file sharing site using encrypted protocols with no exceptions, keeping your customer data safe and sound.

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements governing the security of account data for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.

Information like account numbers, cardholder names for credit cards and other forms of payment information, expiration dates, and more fall under the requirements of PCI-DSS. These requirements are particularly necessary for the healthcare and financial services industries, where a data breach could result in identity theft and irreparable damage to a company’s reputation.

Sharetru provides every possible control for you to securely safeguard cardholder information compliant with PCI-DSS security standards.

Learn more about PCI-DSS Compliance

Steer Clear of Expensive Damages

Executives may be ordered to pay up to $1 million in fines and could be imprisoned for 10 years for knowingly certifying financial reports that don't comply with SOX requirements.

Violations of GLBA can also result in expensive penalties and jail time, such as:

$100,000 fines levied on financial institutions for each violation
$10,000 fines to be paid by individuals in charge for each violation
Up to 5 years in prison for individuals found in violation

Fines for violating PCI-DSS typically range from $5,000 to $100,000 per month and can be increased based on the period of non-compliance.

That’s why it’s absolutely essential that your data storage and transfer platform helps you cover all your bases when it comes to compliance. Sharetru does exactly that and more.

In addition to shielding your organization from significant financial penalties, complying with GLBA, SOX, and PCI-DSS protects nonpublic information. This in turn builds trust and loyalty, supporting your customer retention.

Because of the onslaught of malware and ransomware attacks on financial institutions, having a robust cybersecurity defense is vital to your business. Most security threats come from within an organization, so it’s important for you to be able to track your users’ activity quickly as our platform enables you to do.

The potential fines your organization could face for violations of GLBA, SOX, or PCI-DSS are considerable. It’s crucial that you equip your organization with a secure file sharing solution like Sharetru, which makes it much easier to comply with these key frameworks.

Learn More about PCI-DSS Compliance

Check Out Additional Resources

See all resources here

Blog

PCI-DSS File Sharing Requirements

What steps is your company taking to protect sensitive cardholder data? Explore four PCI-DSS file sharing requirements you company should meet.

The latest version of PCI-DSS identifies 12 requirements for compliance which are organized into six related control objectives. With our platform, you can be sure you’re meeting those requirements when you store and transfer data from anywhere in the world.

Build and Maintain a Secure Network

To decrease the risk of unauthorized access, we never use default system passwords. We also maintain a secure firewall at the perimeter of our network to protect your customer data from breaches.

Protect Cardholder Data

All platform subscriptions include encrypted protocols, and you can control the use of encrypted transmission. We recommend pre-encryption but do offer automated server-side encrypted storage mechanisms.

Maintain a Vulnerability Management Program

To further reduce the risk of compromising your customer data, we reinforce the security of our platform by configuring our office systems, such as Windows desktops, with regularly updated anti-virus software.

Implement Strong Access Control Measures

Our platform enables you to assign unique login IDs to users. We operate in a high-security data center that requires biometric + card + pin for physical access, and our servers are safe inside locked cabinetry.

Regularly Monitor and Test Networks

To help you track and monitor all access to network resources and customer data, we log all historical access activity and make those detailed logs available to you at all times. We also routinely test our system for vulnerabilities.

Maintain an Information Security Policy

Our security policy helps to ensure your folders and data transmissions are secured, your users must comply with essential controls like password strength and encrypting transmissions, and your auditors can verify everything.

Let Us Show You

You don’t have to just take our word for it. We’ve been leading the charge in secure online file sharing since the beginning, and we’d love to show you how we do it. Schedule your demo today.