Confidentiality and Compliance

SOC-2-certified 

Research Transcriptions maintains SOC-1 and SOC-2 reports for the Security, Availability, and Confidentiality Trust Services Principles, as established under the American Institute of CPAs (AICPA) TSP Section 100 – 2017 Trust Services Criteria. These reports were issued by an independent third-party assessor who evaluated the company’s internal controls for security and confidentiality. The assessment verifies that Research Transcriptions has implemented and maintains practices that ensure secure operations, consistent system availability, and the highest levels of privacy for customer data. 

In addition, Research Transcriptions partners exclusively with vendors who maintain SOC-2 Type II certification, ensuring that compliance extends throughout its supply chain. This layered approach demonstrates a company-wide commitment to security, availability, and confidentiality that is unmatched in the industry.

The company's SOC-2 report is available under a Nondisclosure Agreement (NDA). Contact us for details.

CJIS-compliant

Research Transcriptions aligns its security program with the FBI Criminal Justice Information Services (CJIS) Security Policy, which establishes strict standards for protecting Criminal Justice Information (CJI). These safeguards are reinforced through the company’s SOC-2 certification, where data confidentiality practices have been independently audited and verified. Security controls include access management, encryption, logging, and incident response, all structured to meet law enforcement agency requirements. Because CJIS does not provide a formal certification, compliance is demonstrated through adherence to agency mandates and supported by the company’s SOC-2 report. The responsibility of Research Transcriptions is limited to the extent that it acts as a contractor entrusted with access to CJI.

All Research Transcriptions transcribers and personnel with access to CJI complete CJIS Security Awareness Training, undergo background screening where required by contracting agencies, and follow strict confidentiality protocols to safeguard sensitive law enforcement data.

HIPAA-compliant

Research Transcriptions complies with the Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification requirements, which establish strict standards for the privacy, security, and breach notification of protected health information (PHI). The company’s data protection practices are reinforced through its SOC 2 certification, where confidentiality and security controls have been independently audited and verified. This framework governs the handling of PHI by Research Transcriptions and its affiliated vendors and contractors, ensuring that all transcription processes align with the safeguards required under HIPAA. The responsibility of Research Transcriptions is limited to the extent that it acts as a Business Associate entrusted with access to PHI.

All Research Transcriptions transcribers and personnel with access to PHI receive HIPAA compliance training, maintain current certification, and follow strict confidentiality protocols designed to protect patient information and support the compliance needs of healthcare providers and their partners.

NIH-trained

Research Transcriptions adheres to the standards established by the U.S. Department of Health and Human Services (HHS) Office for Human Research Protections (OHRP) for NIH-funded projects involving human subjects. These requirements are reinforced through the company’s SOC-2 certification, where data confidentiality practices have been independently audited and verified. Training covers research ethics, participant protections, informed consent, and compliance with NIH Data Management and Sharing policies. The responsibility of Research Transcriptions is limited to the extent that it acts as a contractor entrusted with access to federally funded research data.

All Research Transcriptions transcribers and personnel assigned to NIH-funded projects complete OHRP Human Research Protection Training, maintain current certification, and follow strict confidentiality procedures to safeguard participants and sensitive study data.

CITI-trained in Protecting Human Subject Research

Research Transcriptions complies with the standards of the Collaborative Institutional Training Initiative (CITI), which provides the framework for protecting human subjects in academic and research settings. This training governs the secure handling of sensitive research data and is reinforced through the company’s SOC-2 certification, where data confidentiality practices have been independently audited and verified. Core areas of instruction include data management and security, ethical conduct in social and behavioral research, and compliance with Institutional Review Board (IRB) requirements. The responsibility of Research Transcriptions is limited to the extent that it acts as a contractor entrusted with access to human subjects research data.

All Research Transcriptions transcribers and personnel engaged in research projects maintain current CITI certification and follow strict confidentiality standards designed to safeguard participant rights and research integrity.

EDUCAUSE,
HECVAT-registered (FULL)

The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a standardized questionnaire designed to evaluate vendors' security and data protection practices for higher education institutions, especially for cloud services. Developed by the Higher Education Information Security Council (HEISC) and EDUCAUSE, it ensures compliance with stringent privacy standards.

Research Transcriptions has completed the Full HECVAT, demonstrating our commitment to robust data protection and alignment with higher education security requirements.

GDPR-compliant

Research Transcriptions follows the European Union’s General Data Protection Regulation (GDPR), which sets the standard for protecting personal data and individual privacy. These requirements are reinforced through the company’s SOC-2 certification, where data confidentiality practices have been independently audited and verified. Security and privacy controls include lawful basis for processing, access restrictions, encryption, data minimization, and breach notification procedures. Because GDPR does not grant formal certification, compliance is demonstrated through documented internal policies, client-directed data processing agreements, and validation supported by the company’s SOC-2 report. The responsibility of Research Transcriptions is limited to the extent that it acts as a data processor on behalf of its clients.

All Research Transcriptions transcribers and personnel who handle personal data complete GDPR awareness training, operate under strict confidentiality agreements, and follow client instructions to ensure full compliance with regulatory requirements.

FERPA-compliant

The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records, ensuring that access to and sharing of these records comply with strict confidentiality standards.

Research Transcriptions is fully FERPA-compliant, with rigorous data security protocols and trained personnel to safeguard sensitive educational information. Our

PCI-compliant

The Payment Card Industry Data Security Standard (PCI DSS) sets strict guidelines for securing payment card data.

Research Transcriptions ensures PCI compliance by partnering exclusively with PCI-compliant credit card processors. We never store or take possession of credit card information. Our secure systems, encryption protocols, and ongoing staff training uphold the highest standards for safeguarding client financial transactions and data.