Integrating the Dynamics of Change

Where companies learn that dramatic improvement does not require dramatic change. 

Here, companies can finally eliminate paper from their environment, without giving up current business processes, without replacing computer systems, and without undertaking lengthy technology deployments. 

In a matter of hours, PaperClip Incorporated enables companies to go paperless with minimal financial investment and no programming. 

In an age when effective communications are critical to success, PaperClip Incorporated empowers companies to manage, communicate and transact with unparalleled speed and security while reducing operational costs.


PaperClip Incorporated's line of products and services enable companies across a wide range of industries to easily receive, input, process, access, store, manage and deliver documents in electronic format. The company’s solutions work seamlessly with a user's current systems, are intuitive to use, and cost-efficient to run.

Implementing PaperClip Incorporated yields dramatic results.

  • Eliminates paper costs, including copying, faxing, shipping and archiving.
  • Puts an end to lost, misfiled, or misrouted documents.
  • Enables concurrent user access for collaborative business processing.
  • Dramatically improves customer service.
  • Eliminates paper archiving and the associated retrieval challenges.
  • Increases documentation quality with collaborative underwriting.
  • Collapses the time to process with electronic document exchange.
  • Ensures user acceptance thanks to ease of use.

What is Mojo?

Everybody talks about big data with many uses starting with predictive analytics of this big data. What you never hear is how do we create usable big data and that is PaperClip Mojo, where big data begins.

PaperClip Mojo is a new Platform as a Service born in the Cloud to engage Crowd Sourcing for Big Data processing. The ability to transcribe, translate and interpretation of Big Data faster and more accurate than ever before is a killer app. Cloud computing turns what took hours and days into seconds and minutes. Crowd Sourcing reaches a global workforce for accuracy and new capabilities never experienced before.

The promise to transform handwriting from paper to usable data by technology has never been achieved and never will. Large companies today hire off shore organizations leveraging their inexpensive labor pool providing 24 hour turnarounds.

New opportunities focus on multi-media interpretation into data allowing information never seen before used as a competitive advantage. Imagine now Realtors can send pictures to a Crowd Source group to capture room color, type of floor, how many windows, kitchen sink style and more. Working this data with predictive analytics can now show which homes may sell quicker and for more money.

Learn More


Virtual Client Folder is an all-inclusive document management, new business processing and document delivery solution.

Learn More


Email encryption is a reality today, so why not use the most compliant service that doesn't require logins or passwords.

Learn More

Internet Express

Internet eXpress was designed to be the internet version of Federal Express, simply, the electronic alternative.

Learn More

Capture Place

main doccapture

The Capture Place (TCP) is a set of applications with which end users and business applications can collect electronic documents.

Learn More

About PaperClip

Established in 1991, PaperClip Incorporated develops and markets products and services that enable effective communications within a company and with third parties. Through innovative solutions, PaperClip helps customers solve operational problems and reduce overhead associated with the capture, management, transmission, and storage of paper, images, faxes and reports.

PaperClip empowers companies to efficiently and securely communicate across the Internet, in a straight-through processing model, decreasing the cost and time to process documents by an order of magnitude. The company’s mission is to create electronic document solutions that enable the business document to remain in digital format for its life cycle. Thanks to its cutting-edge line of products and services, today companies can go paperless in a matter of hours.

PaperClip Incorporated has a customer base that ranges from small organizations to Fortune 1,000 multinationals in a wide range of industries, with a concentration in healthcare, insurance, and financial services. Today, PaperClip is poised to become the leading supplier of integrated document management (IDM) and Internet business-to-business (B2B) document delivery solutions focused in the “straight-through processing” market.


Our Team

William Weiss
Chief Executive Officer

William is the co-founder of PaperClip Incorporated. His experience stems from over 35 years in the technology industry. Previously, he was founder and president of Medical Registry Services, an organization that specializes in systems for cancer record-keeping in hospitals. He has also held numerous senior management positions at companies such as Numerax and Automatic Data Processing.

PaperClip CEO and Co-Founder discusses the foundation of PaperClip, Inc.

D. Michael Bridges

Since 1995, Mike has served as President, Vice President of Marketing and Sales, Director of Corporate Services, and Consultant for PaperClip Incorporated. In his current role, he is responsible for strategic direction, operations, and corporate communications. Prior to joining PaperClip Incorporated, Mike was the Executive Vice President and co-founder of CMF Design System, a custom software and systems integration firm. Mike received a Bachelor of Science from Rowan University and served as a Captain in the United States Marine Corps.

A discussion of PaperClip's Document Management Solutions and their evolution over time.

How an analog paper based system lead to a digital platform and on to Mojo.

Michael Suleski
VP of Development

A visionary and co-founder of PaperClip Incorporated, Mike is responsible for product conception, design and software engineering. With over 30 years of software development experience, he has developed software products and systems for Synercon Corporation, Henderson Industries, Singer/Kearfott and Pyrotronics. He received his Bachelor of Science in Electrical Engineering and Master of Science in Computer Science from Fairleigh Dickinson University.

Discusses the development methods used to maintain and expand our services.

Suzanne G. Tuck
VP of Sales

Since joining PaperClip Incorporated in February 1996, Suzy has spearheaded the company’s successful business development efforts. Prior to joining PaperClip, she served as Sales Manager for Anacomp, a Fortune 1000 company delivering micrographics and COLD hardware, software, and service solutions. She also served as Software Manager and Senior Systems Analyst for Datagraphix, and was a Senior Systems Analyst for Nixdorf Computer Corporation. Suzy received a Bachelor of Science in Computers and Information Systems from Tulane University.

Our sales staff discuss the Mojo project.

Scott Smith
VP of Professional Services

In 1994 Scott began his career at PaperClip in helpdesk support and was quickly promoted to support group leader to include professional services. Today Scott is the Vice President of Professional Services managing the design, deployment and operations of the PaperClip data centers. Prior to PaperClip Scott worked as Field Service Technician for Tandy Computer Services. Scott studied Electronics Engineering Technology at DeVry University in Atlanta, Georgia.

Professional Services discuss data center opperations and the benefits of the Azure platform.

Mitchell Mond

Mitch joined Paperclip in 2015 and is responsible for the software development, product content and operations of the Mojo product. Prior to joining Paperclip Mitch worked for Ness Technologies for over 15 years in positions including VP of Development and VP of Sales. He also worked for IBM as a software development manager. Mitch has an MBA in Finance from Fairleigh Dickerson University and a BS in Computer Science and Applied Mathematics from State University of New York at Albany.

PaperClip CIO and Mojo Project Leader discusses the Mojo project and it's use of the Azure platform.

Event Calendar

Industry Shows and Webinars

Mon Tue Wed Thu Fri Sat Sun

Recent Press

Press Page

Cyber Attacks: Protecting Your Business

Jan 14, 2014
Mike Bridges

I'm here to tell you that all good cyber security strategies begin with a plan.

The frequency of online attacks against U.S. business continues to increase, along with the cost of defending against those attacks and
mitigating any resulting data breaches. Cyber-crime now costs a U.S. business $8.9 million per year, an increase of 6% from 2011 and 38% from 2010. Those findings come from the “2012 Cost of Cyber Crime Study,” which was sponsored by security intelligence tool vendor HP and released Monday (10/8/2012) by Ponemom Institute.

The average breach costs $214 per record compromised; another cost factor is that it’s taking businesses longer to respond to security breaches. On average, it now takes a business 24 days to spot and resolve an attack, although some cleanup operations extended to 40 days. On average, each cleanup cost $592,000, a 42% increase from the average reported in 2011 of $416,000. (Ponemon Institute and Hewlett Packard- 2013).

As the number of cyber attacks on financial institutions continues to increase, it is critical to protect your business. Cyber Security begins with a plan. This plan should be developed based on the requirements and risk of protecting third party Non Public Information (NPI). Requirements are driven by federal, state and self-regulatory organizations (SRO) representing the best practices and minimum techniques used to protect NPI and the account of its use. Risk is the harm lost NPI can do to an individual, family or company when used to conduct crime.

Cyber-crime can fall into two categories-Active and Passive Cyber-crime. Active is when the crime attacks a target directly. Examples of this include: identity thief, credit card fraud, processing platform takeover and website shut downs. Passive attacks listen to the party line (Internet) to collect information, which is not public, intercepting executive communications on financial decisions, intellectual property, legal strategies or summarized as “the stock tip”.

Financial Institutions need to protect their NPI from potential cyber threats, which includes the mortgage industry. The mortgage industry can learn from other industries that are highly regulated and handle a great deal of NPI. This includes areas such as, the life Insurance and securities industries, which have a significant amount of requirements to comply with compared to any other industries.

Agents, Advisors, BGA, BD, Medical Service providers and Carriers handle NPI, PPI, financial, medical, educational information for which they are accountable for.

The below is to help your organization build a simple but effective security plan. A plan that will make you focus on your internal technology and controls for an internal operation or a good check list for working with a Cloud vendor to enable compliance. Remember, you can outsource the technology or process, but not the liability.

This is only a guideline for educational purposes; for a complete Cyber Security evaluation, please contact a certified Service Organization Controls third party evaluator.


Establish a Security Officer responsible to the company to oversee this process. At least one member should be an officer of the company (executive oversight). This individual needs to define and document its policies for the security of its system. Security policies are established and periodically reviewed and approved by a designated individual or group.

The entity’s security policies include, but may not be limited to, the following matters:


Classify data based on its criticality and sensitivity and that classification is used to define protection requirements, access rights, access restrictions, retention and destruction requirements.


Identify and document the security requirements of authorized users. Know who is authorized to add, change, communicate and delete NPI. Roles are a common practice in defining access privileges.

Assessing risks on a periodic basis. Organizations add or change how NPI is accessed (Social media, Emailed, twitter, etc.) and should address the new risk and its solutions or policy change.

Preventing unauthorized access. Determine User’s use of login and password, sharing of the same is not a good thing. Also, assess who has User access authority. When adding new users, modifying the access levels of existing users, and removing users who no longer need access.

Any good plan should include assigning responsibility and accountability for system security. What should this cyber security expert do?
Here’s some tips:

Any potential system changes should go through this individual and get this person’s approval before the change goes live. You need to assign responsibility and accountability for system changes and maintenance. Testing, evaluating, and authorizing system components before implementation is critical. Address how complaints and requests relating to security issues are resolved, as well.

In addition, users with access to NPI need to read and sign a privacy agreement. As such, users agree to keep NPI confidential or face loss of access and possible termination. Users with access to NPI should have a third party review of their background.

Your company also needs to communicate its defined security polices to responsible parties and authorized users. You should have an objective description of the system and its boundaries. Further, that description needs to be communicated to all users. The process for informing the entity about breaches of the system security and for submitting complaints is also something that needs to be communicated to authorized users. Changes that may affect system security and fully communicated to management and users who will be affected.


Procedures need to exist to restrict access to the defined system. For example, you need security measures to restrict access to information resources not deemed to be public. Identification and authentication of users also has to happen. Further, you need full registration and authorization of new users. Restriction of access to offline storage, backup data, systems, and other system components such as firewalls, routers, and servers should also be part of any plan.


When outsourcing your business platform it’s important to know what outsourcing are you entering into; public cloud or private cloud. Public cloud is typically where you are using their application maintained in a computing environment completely under the vendor’s control (Redtail. com,, AgencyWorks, etc.). Private cloud vendors can come in two flavors, co-location or vendor provided. Co-location means the data center provider supplies a secure area (cage) where you provide all the hardware and software required to maintain the business platform. Vendor provided means the data center provider supplies all of the hardware and you provide the software to run. Depending on the relationship you enter into, compliance remains your responsibility.

Typically when obtaining Cyber Insurance the insurer will request all third party providers that have potential access to NPI to show they meet technology compliance. Most cloud providers that have engaged a third party CPA firm, which conducted audits of vendor’s policies, procedures and controls to ensure compliance.

As we continue to talk about creating a cyber security plan, we have to touch on infrastructure and systems management.The potential privacy impact is assessed when new processes involving personal information are implemented, and when changes are made to such processes (including any such activities outsourced to third parties or contractors), and personal information continues to be protected in accordance with the privacy policies. For this purpose, processes involving personal information include the design, acquisition, development, implementation, configuration, modification and management of the following:

  • Infrastructure
  • Systems
  • Applications
  • Websites
  • Procedures
  • Product and services
  • Databases and information repositories
  • Mobile computing and other similar electronic devices


Whether you outsource or insource, a minimum third party audit you should conduct is a Penetration Test conducted by a reputable group. These Penetration Test (Pen Test) attempt to break through your security and provide feedback on areas you should correct. If your information is accessible via the Internet, it is highly recommended that you conduct Pen Testing annually.


Companies that maintain NPI must publish to the public your commitment to secure the same. If any information is used outside of the processing you are providing (e.g., selling mailing list names collected) you must disclose that practice in your public notice.


Clean Desk and Clear Screen (CDCS) Policy ISO 27001/17799 are simple steps intended to protect NPI when you are not present in the office. Clear desk and clear screen policy are used to reduce the risks of unauthorized access to, or loss of, or damage to, information. This requirement should be contained in the user access authorization document.

  • Ensure that appropriate facilities are available in the office in which, depending on their security classification, computer media (disks, tapes, CDs) and paper files can be stored and locked away, including lockable pedestals, filing cabinets and cupboards.
  • Sensitive information should be locked away in a fireproof safe (and the security adviser will have to access the fire resistance of the safe in terms of the sensitivity of the information inside it and its location in order to ensure its survival for long enough to be rescued).
  • Personal computers, computer terminals and printers should be switched off when not in use and should be protected by locks, passwords and the like.
  • Everyone should be required to use password protected screen saver that automatically fires up after only a few minutes (between three to five is reasonable) of inactivity.
  • Incoming and outgoing mail collection points should be protected or supervised so that letters cannot be stolen or lost, and faxes and telexes should be protected when not in use.
  • Photocopiers should be switched off and locked outside working hours; this makes it difficult for unauthorized copying of sensitive information to occur.
  • All printers and fax machines should be cleared of papers as soon as they are printed; this helps ensure that sensitive documents are not left in printer trays for the wrong person to pick up.

Moving on, we have to discuss the Red Flag Rule, which requires many businesses to develop and implement a formal, written Identity Theft Prevention Program for the purposes of detecting the warning signs, or “red flags”, of identity theft throughout their day-to-day operations. Here’s what else you need to know:

The first step is to identify the relevant red flags you might come across that signal that people trying to get products and services from you aren’t who they claim to be. The second step is to explain how your business or organization will detect the red flags you’ve identified. The third step is to decide how you’ll respond to any red flags that materialize. Do you use service providers who might detect any of the red flags you’ve identified? For example, if you hire a company to handle your Part Two Call Center activities talk to them to see that they’re following your Program or have their own that complies with the Red Flags Rule.


Most corporate liability insurance policies do not cover losses due to cyber-attacks, errors or omissions. Cyber insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, network damage, and cyber extortion. The Department of Commerce has described cyber insurance as a potentially "effective, market-driven way of increasing cyber security" because it may help reduce the number of successful cyber-attacks by promoting widespread adoption of preventative measures; encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection; and limiting the level of losses that companies face following a cyber-threat.


Last but not least, encrypt at rest, in transit and include a process for data and hardware destruction. Your greatest hope for protecting NPI is encryption. Most laws and regulations will ignore encrypted data if compromised; they call this “Safe Harbor.”

We all have the responsibility to protect and account for the use of NPI. Whether you’re paper or electronic based with your processing, the laws and rules remain the same. Top down, focus on encrypting everything, getting cyber insurance, training and educating your employees, and complying with laws and regulations.



PaperClip Blog

Technology and Character Recognition

Monday, 13 February 2017
by Mike Bridges


Handwriting Recognition and Optical Character Recognition (OCR) have been around for decades and remained a less than effective solution for transcription to accurate data.  OCR even though starting in the late 1800s, took on practical application in the late 1950s.


Cyber Attacks in Financial Services

Monday, 10 October 2016
by Mike Bridges

Cyber criminals, Hackers and Governments continue to enhance their abilities to enter your computing environment.  The tools are becoming more sophisticated and their skill to go undetected is improving.  These attacks have methods where history shows “elevated privileges” is the primary objective.The end goal then is to steal, replace, hold hostage or destroy your data.  Now the problem, most if not all cyber defense tools and strategies are built to stop yesterday’s attack.  That why when I sit through conferences they always say the same thing, “It not a matter of if, it’s a matter of when”.



Need Support?
Need Sales?

web seal SOC2T2 145

Back to top