Your Data Security Is Our Highest Priority
At Outsource1095.com, the security and confidentiality of your information are at the core of everything we do.
We maintain a highly secure, fully compliant environment to protect sensitive taxpayer data throughout every stage of the ACA reporting process — from file upload to IRS e-filing and employee distribution.
We understand that ACA forms contain personally identifiable information (PII), so our systems and procedures are designed to exceed IRS AIR, SOC 2, and PCI-DSS standards.
Comprehensive Data Protection Framework
Encryption and Secure Transmission
-
All data transmitted to and from our systems is protected using Advanced 256-bit SSL encryption.
-
Files stored on our servers are encrypted at rest, ensuring data integrity and privacy at all times.
-
We employ secure session management, firewalls, and intrusion detection to safeguard your information.
Secure Hosting and Monitoring
-
Our servers are hosted in Tier III+ U.S. data centers with 24/7 physical and network monitoring.
-
We partner with SiteLock to continuously scan our website for vulnerabilities and maintain PCI compliance.
-
Regular penetration testing and vulnerability scans ensure that our defenses remain current against evolving cyber threats.
SOC 2 Type I Certified
We have successfully completed the SOC 2 Type I audit conducted in accordance with the AICPA’s Attestation Standards Board.
This independent attestation confirms that our internal controls and security practices meet the strictest standards for:
-
Security
-
Availability
-
Confidentiality
-
Processing integrity
SOC 2 certification demonstrates our ongoing commitment to maintaining the confidentiality and reliability of your data.
Data Privacy and Staff Integrity
-
All Outsource1095 personnel are U.S. citizens, background-checked, and trained in federal and industry-standard data-handling protocols.
-
We enforce role-based access control (RBAC), ensuring employees can only access information necessary for their specific job function.
-
We never sell, rent, or share client data with any third parties.
-
Our internal privacy and retention policies comply with applicable IRS Publication 1075 and data-governance best practices.
For full details, please review our Privacy Policy.
Payment Security
We follow a strict data-minimization policy to reduce exposure and prevent data breaches.
-
We do not store credit-card information on our servers.
-
All online transactions are processed through PCI-DSS-compliant payment gateways, ensuring your payment details remain fully encrypted and secure.
Secure File Uploads
When transmitting ACA data files to us, clients use our secure FTP (SFTP) or encrypted web upload portal.
-
Once you sign up, we provide unique, credential-protected access for file submission.
-
Files are received and processed only within our controlled network — never via unencrypted email or public file-sharing tools.
Continuous Compliance and Improvement
We continuously monitor and update our systems to align with the latest:
-
IRS AIR (Affordable Care Act Information Return) transmission requirements
-
NIST cybersecurity and federal privacy guidelines
-
State-level data-protection regulations
Our goal is to deliver complete peace of mind that your organization’s sensitive information is protected at every step.
Contact Us
Security is a shared responsibility — and we’re here to help.
If you have any questions about our security measures, compliance standards, or data-handling procedures, please contact us anytime.
