Built for the businesses
that get audited.
Diversicom runs security-focused, compliance-aligned IT for regulated industries — and gives your reviewers the documentation they ask for. This page is the short version: how we protect your data, the frameworks we build to, and who touches it along the way.
Controls a reviewer expects to see
These are the safeguards we build into the environments we manage. They describe how we operate — not a certification we hold on your behalf.
Encryption in transit and at rest
Data is encrypted as it moves across the network and while it's stored, so information stays protected on the wire and on disk.
MFA on administrative access
Multi-factor authentication is required for administrative access to the systems we manage, so a stolen password alone isn't enough to get in.
Least-privilege access controls
People get the access they need to do their job — and no more. Permissions are scoped tightly and reviewed as roles change.
24/7 monitoring and alerting
We watch servers, networks, and endpoints around the clock. Most issues are caught and worked before they reach your team.
Geographically redundant backups
Backups are automated, encrypted, and kept in copies across our two datacenters in Tampa and Dallas, so a single failure never becomes a catastrophe. Restores are run and verified by our team — recovery in hours, not days.
Audit-ready documentation
Access controls, configurations, and logging are documented and maintained — so when an auditor asks for evidence, we can produce it.
The controls above describe how Diversicom operates the environments it manages. They are capability statements, not a representation that Diversicom holds any specific certification or attestation.
We build to the framework. You hold the obligation.
Diversicom designs, runs, and documents IT environments to meet the requirements your regulators impose. We support your compliance program — Diversicom is not itself the certified or attested party for these frameworks.
Healthcare & PHI
Encryption, access controls, endpoint protection, and audit-ready logging built to protect PHI — and to produce the evidence auditors and the OCR ask for.
Financial Services
MFA, email archiving and retention, access logging, and encrypted data at rest and in transit, structured to meet overlapping financial-services requirements.
Controls & Reporting
Documented change management, access reviews, and audit trails that support the IT general controls SOX reporting depends on.
Other Frameworks
For card data, bar-association requirements, grant compliance, and other obligations specific to your industry, we build to the relevant standard.
Business Associate Agreements (BAAs): If you operate under HIPAA and need a BAA in place, ask us — we'll walk through what's required for your engagement. Ask us about a BAA.
The tools behind your service
These third-party providers help deliver this website and our public-facing tools. We list them plainly so your reviewers know who's in the path.
| Provider | Purpose | What it handles |
|---|---|---|
| CloudflareHosting, CDN & edge security | Website hosting, content delivery, and the edge function that powers our AI assistant. | Serves this site's pages and assets, and proxies AI-assistant requests. Visitor request data passes through Cloudflare's network. |
| Web3FormsForm delivery | Delivers submissions from our website contact form to our team inbox. | The name, email, and message you enter in the contact form, relayed to info@diversicomcorp.com. |
| Anthropic (Claude)AI assistant | Powers the on-site AI assistant that answers questions about our services. | The questions you type into the AI assistant, sent through our Cloudflare edge function to the model provider to generate a reply. |
This list covers the sub-processors involved in our public website and its tools. The vendors used to deliver managed services for a given client engagement — such as endpoint protection (EDR), our SOC, and backup platforms — are shared as part of the security documentation packet for that engagement.
Request our security documentation
Running a vendor-security review? We'll provide the documentation packet your process needs — and complete the questionnaire your team uses.
Security questionnaire / SIG
Send us your standard questionnaire — including a SIG or SIG Lite — and we'll complete it for your file.
Documentation packet
Our overview of administrative, technical, and physical safeguards, plus the sub-processors relevant to your engagement.
BAA & engagement terms
Operate under HIPAA? Ask about a Business Associate Agreement and the scope it would cover.
On the contact form, choose “Compliance (HIPAA, SOX, etc.)” as your topic, or call 1-833-705-6669.
Trust & compliance, answered plainly
Is Diversicom HIPAA or SOC 2 certified?
Where is our data stored?
How fast can you recover after an outage or ransomware event?
Do you sign Business Associate Agreements (BAAs)?
Which sub-processors and tools are involved?
Ready to start a security review?
Send us your questionnaire or ask for our documentation packet. We'll get your reviewer what they need to sign off — quickly and without the runaround.