Product Certifications & Compliance
Collabware Solutions Comply With These IT & Regulatory Standards
Collabware Compliance Certifications
Rest assured we have taken the steps to verify our products meet regulatory guidelines.
Collabware invests heavily into product innovation and advancing IT and EDRMS security practices. Our products undergo continual testing and remain accredited to these international records management standards.
Contact our sales team for guidance on whether these regulations are mandatory for your industry.
Featured
FedRAMP standardizes security assessment and authorization for cloud products and services used by U.S. federal agencies. The aim is to make certain federal data is consistently protected.
The full FedRAMP Moderate review process validates over 300 security controls and Collabware has confirmed all of these to achieve Authorized status. FedRAMP Authorization documents the system security information, compliance with federal mandates, and ability to meet FedRAMP security requirements.
FedRAMP is endorsed by the U.S. government’s Federal Chief Information Officers Council and controlled by a Joint Authorization Board (JAB) that comprises representatives from:
- the Department of Defense (DoD),
- the General Services Administration (GSA), and
- the Department of Homeland Security (DHS).
About FedRAMP
Find Collabspace in FedRAMP Marketplace
StateRAMP (State Risk and Authorization Management Program) is designed to standardize and streamline the security verification process for cloud services and products used by state and local governments in the United States. Modeled after the federal government's FedRAMP program, StateRAMP aims to ensure that cloud service providers (CSPs) meet specific security standards to protect government data effectively. The program provides a framework for assessing, authorizing, and continuously monitoring cloud-based services.
Find Collabspace in StateRAMP Authoized Product List
Collabware has aligned our internal processes in compliance to Service and Organization Controls (SOC) 2 based on the Trust Service Criteria. It’s considered a security standard and top report for auditing each organization’s processes and ensuring consistent adherence.
SOC 2 focuses on controls as they relate to security, availability, processing integrity, confidentiality and privacy of a system
About SOC 2
View SOC 2 Type 2 Press Release
For a copy of the full SOC2 Report for Collabware, please email: contact@collabware.com
U.S. Department of Defense (DoD) Directive 5015.2 sets requirements for mandatory baseline functionality of Records Management Application (RMA) software. It defines required system interfaces and search criteria; and outlines the minimum records management conditions that must be met based on current National Archives and Records Administration (NARA) regulations. While generated by the U.S. entity, this testing standard is recognized by many international organizations worldwide.
DoD-Certification Press Release
Collabware DoD 5015.2 Register
The U.S. Security Commission sets standards requiring broker-dealers to store records electronically and outlines their format and length of time they must be kept. SEC 17a-4 specifically defines that the format must be nonerasable/non-rewritable (WORM-compliant) in a storage system that prevents any alteration, be retained, indexed and indelible for 3-6 years and immediately accessible for the first 2 years. And that duplicates are maintained in a separate location for the same duration.
About SEC Rule 17a-4
GSA Advantage is the online shopping and ordering system that provides access to contractors, products and services. Federal, state and local government employees can make purchases on GSA Advantage!, allowing government agencies to purchase from Collabware with pre-negotiated pricing, terms & conditions that help simplify and accelerate the sales process. This program ensures any vendor given GSA approval will provide full transparency, efficiency and flexibility in the selection process during software procurement.
View the preferred pricing for Collabware’s Cloud products:
Collabspace ARCHIVE on GSA
For On-Prem SharePoint:
Collabware CLM on GSA
A GSA Schedule Contract, also known as the federal supply or multiple award schedule, allows government agencies to purchase from Collabware with pre-negotiated pricing, terms & conditions that help simplify and accelerate the sales process. This program ensures any vendor given GSA approval will provide full transparency, efficiency and flexibility in the selection process during software procurement.
NARA is the U.S. National Archives and Records Administration who dictate their digital records transformation targets for government agencies. They are leading the way in the next generation of federal records management compliance. Software must meet all the standards of the NARA Code of Federal Regulations 36 CFR Chapter 12 or have NARA-approved waiver from one or more specific standards in those sections. Presidential Mandate M-19-21 via NARA dictates that all public sector records must be managed electronically. And by 2022, NARA will no longer intake any records for archive in physical format, including legacy items.
Set by the Canadian General Standards Board’s Committee on Electronic Records and Image Management, CAN/CGSB-72.34 specifies principles, methods, and practices for the creation (i.e. making, receipt, and capture) and management of all forms of electronic records (e.g. e-mail, cartographic, audio-visual, textual, multimedia, etc.) to support their admissibility (see 3.5 and 3.6) and weight (see 3.74) as evidence in legal proceedings. An organization may be required to produce electronic records as evidence in legal proceedings. To support the admissibility and weight of electronic records as documentary evidence, the organization needs to ensure that these records can be proven or presumed to be reliable, accurate, and authentic, meaning trustworthy.
CAN/CGSB-72.34-2017 Electronic Records as Documentary Evidence
MoReq2010® outlines the essential elements that a records system should have to ensure that records are properly managed, can be accessed at all times, are retained for as long as they are needed and are properly disposed of once the obligatory retention period has expired. An organization which implements a records system based on the requirements of MoReq2010® can be assured that its records will be properly managed.
MoReq2010® defines the core functionality required of a records system whether it is deployed into a public body, private organisation, or even the third sector. MoReq2010® is a modular specification, which means that the specification can be extended to allow for specialized application in different jurisdictions, markets and industry sectors. Organizations using it can incorporate policies and regulatory requirements relevant to their business sector.
Collabware is regularly tested and certified by Microsoft to validate that our software products follow stringent coding principles and integrate seamlessly with Microsoft technologies. Microsoft also holds Collabware accountable to ensure our software delivery is fully compatible and trustworthy.
As a Gold ISV Partner (Independent Software Vendor), we have met the highest criteria for all program requirements.
Microsoft is redefining enterprise content management (ECM) with modern, end-to-end software and services to connect entire workplaces and enable intelligent content management.
As a charter member of the preferred content services program, Microsoft has validated our work as a top-tier system integrator that can address high-impact scenarios and workloads including: advisory/implementation, migration, capture, workflows, records management and compliance.
The Sarbanes-Oxley Act of 2002 (SarbOx or SOX) is also known in the U.S. Senate as the "Public Company Accounting Reform and Investor Protection Act," and in the U.S House of Representatives as the "Corporate and Auditing Accountability, Responsibility, and Transparency Act." This legislation protects the public from accounting errors and fraud, and holds firms responsible for the accuracy of corporate disclosures.
The Code of Federal Regulations (CFR) is a codification of the general and permanent rules published in the Federal Register by Executive departments and agencies of the Federal Government. Part 11 applies to electronic records and electronic signatures that persons create, modify, maintain, archive, retrieve, or transmit under any records or signature requirement set forth in the Federal Food, Drug, and Cosmetic Act, the Public Health Service Act, or any FDA regulation.
It dictates that open computer systems must have controls to ensure all records are authentic, incorruptible and confidential where needed. Closed computer systems must have a collection of procedural and technological controls in place to protect data within.
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. It can be broken into two parts. One is the Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information. This part establishes national standards for the protection of certain health information. The other is the Security Rule for the Protection of Electronic Protected Health Information to establish a national set of security standards for protecting certain health information that is held or transferred in electronic form.
Federal agencies must make their electronic and information technology (EIT) accessible to people with disabilities, so Section 508 Standards applies to electronic and information technology procured by the federal government, including computer hardware and software, websites, phone systems, and copiers. The Section 508 Standards contain technical criteria specific to various types of technologies and performance-based requirements which focus on functional capabilities of covered products. Specific criteria cover software applications and operating systems, web-based information and applications, computers, telecommunications products, video and multi-media, and self-contained closed products
The World Wide Web Consortium (W3C) is an international community that develops open standards to ensure the long-term growth of the Web. W3C operates under a Code of Ethics and Professional Conduct. The International agency standardizes strategies, standards and resources to make the Web accessible to people with disabilities. Web Content Accessibility Guidelines (WCAG) 2 is designed to be a stable, referenceable technical standard.
TX-RAMP is similar to FedRAMP as it standardizes the security assessment and authorization for cloud products and services used by government bodies in the State of Texas.
The Texas DIR (Dept of Information Resources) validates and negotiates pre-packaged contracts with solution & service vendors that meet state purchasing requirements in order to identify safe and reputable relationships while securing discounts to help you to save. You can purchase Collabware through our local Texas-based partner.