As companies implement remote ISO 9001 and AS9100 certification audits, they may find they accidentally violate critical security regulations and export control laws, including ITAR, EAR, and NIST. These violations can happen when sharing documents over non-secure portals, or with non-US persons.
Companies have opted to rely on non-secure commercial solutions, such as GoToMeeting, Skype, Zoom, MS Teams, Google Meet or Cisco WebEx. None of these ensure compliance with the requirements of ITAR and other regulations.
Oxebridge is pleased to offer day-of-audit document sharing hosting through its RegDOX-powered collaborative portal. RegDOX has received an official declaration from the US Department of State indicating that its secure document sharing platform complies with ITAR. Likewise, sharing audit evidence through Oxebridge’s RegDOX portal complies with EAR, NIST and a host of other security and export control regulations.
Obtaining a license for RegDOX requires an annual subscription, which is out of reach for most companies that need to share evidence with remote auditors only on their “days of audit.” To ensure clients have a solution, Oxebridge has made an agreement with RegDOX to allow clients to utilize its licensed portal during their audit days, for as little as $100 per audit day. You pay only for the audit days used, and are not locked into any recurring subscriptions.
How It Works
Using RegDOX is simple. After signing up with Oxebridge and ensuring the portal is available for your audit days, Oxebridge will create an administrator account for your private “dataroom.” This online portal, accessible via a web browser, will allow you to share documents with remote auditors, who are prohibited from saving, copying or downloading them. Each document is watermarked, and every “transaction” with a document is fully logged and auditable later. This includes views, time spent viewing, and more.
Clients can upload documents for review by auditors, while auditors only have viewing rights. Once the audit is completed, the dataroom is permanently destroyed, and all uploaded documents and data are wiped forever.
Oxebridge cannot view your documents; they are entirely within your control at all times. Oxebridge only sets up the initial room and grants access to your company representative. As a result, using the Oxebridge portal ensures simultaneous compliance with your certification body’s confidentiality requirements, as well as any corporate privacy rules.
Each audit event can host up to four parties, and you decide how to distribute those seats between your company and the registrar.
RegDOX servers reside only in the United States, and all tasks, transactions, and documents are subject to full encryption. Third parties cannot access the data.
The Oxebridge portal does not support video or audio, however, so it must be paired with a secure voice or video solution. It is typically sufficient to use simple phone calls during document sharing, but Signal may be used for improved voice and video security. Signal may be downloaded for free. Documents should never be shared over such methods, even if encrypted calls and messages are used.
Pre-recorded video may, however, be uploaded and shared through the Oxebridge portal, since uploaded videos cannot be saved by the auditors and are destroyed once the audit is completed.
To use the RegDOX-powered Oxebridge portal, request a quote and time slot by completing the form below.