Kofax ControlSuite Administrator’s Guide - Security and Compliance iii
Table of Contents
Preface ................................................................................................................................................................... 1
Getting help for Kofax products .......................................................................................................................... 1
Security and encryption terminology ................................................................................................................. 2
Security Overview .................................................................................................................................................. 3
Security Development Lifecycle ........................................................................................................................ 3
Implementation .............................................................................................................................................. 3
Kofax ControlSuite security model .................................................................................................................... 4
Kofax ControlSuite architecture .................................................................................................................... 4
Kofax ControlSuite Office Print (Equitrac) architecture ................................................................................. 6
Kofax ControlSuite Capture (AutoStore) architecture ................................................................................... 8
Kofax ControlSuite Mobile (Business Connect) architecture ...................................................................... 10
Kofax ControlSuite Output Management (Output Manager) architecture ................................................... 12
Payment Card Industry Data Security Standard .................................................................................................. 14
Usage and Compliance ................................................................................................................................... 15
Compliance for Merchants .......................................................................................................................... 15
Compliance for Service Providers ............................................................................................................... 15
Kofax ControlSuite and PCI DSS .................................................................................................................... 16
Kofax ControlSuite and PCI DSS Requirements ............................................................................................. 17
Compliance ................................................................................................................................................. 17
Objective 1: Build and Maintain Security Network ........................................................................................... 18
Objective 2: Protect Cardholder Data .............................................................................................................. 19
Objective 3: Maintain a Vulnerability Management Program .......................................................................... 20
Objective 4: Implement String Access Control Maintenance .......................................................................... 21
Objective 5: Regularly Monitor and Test Networks ......................................................................................... 24
Objective 6: Maintain an Information Security Policy ...................................................................................... 25
Health Insurance Portability and Accountability Act ............................................................................................ 27
Privacy Rule ................................................................................................................................................ 27
Security Rule ............................................................................................................................................... 27
Kofax ControlSuite and PHI / HIPAA Compliance ........................................................................................... 27
Kofax ControlSuite and HIPAA Security and Privacy ...................................................................................... 28
Administrative Safeguards .......................................................................................................................... 28
Physical Safeguards .................................................................................................................................... 28
Technical Safeguards .................................................................................................................................. 28
Kofax Platform and HIPAA Standards ............................................................................................................. 29
Compliance ................................................................................................................................................. 29
Objective 1: Administrative Safeguards (§164.308) ........................................................................................ 29
Objective 2: Physical Safeguards (§164.310) ................................................................................................. 32
Objective 3: Technical Safeguards (§164.312) ............................................................................................... 34
General Data Protection Regulation .................................................................................................................... 36
Consent ....................................................................................................................................................... 36
Rectify and amend ...................................................................................................................................... 36
Right to be forgotten .................................................................................................................................... 36