Compliance in the Cloud
We comply with the standards and regulations set forth in the respective industries. We have established our data encryption, protocols, and procedures to follow the leading compliance standards and ensure that our customer data is secure and confidential.
What it covers: Enacted in 1996, HIPAA is intended to improve the efficiency and effectiveness of the health care system. As such, it requires the adoption of national standards for electronic health care transactions and code sets, as well as unique health identifiers for providers, health insurance plans and employers. Recognizing that electronic technology could erode the privacy of health information, the law also incorporates provisions for guarding the security and privacy of personal health information. It does this by enforcing national standards to protect:
- Individually identifiable health information, known as the Privacy Rule.
- The confidentiality, integrity and availability of electronic protected health information, known as the Security Rule.
What it covers: The PCI DSS is a set of requirements for enhancing security of payment customer account data. It was developed by the founders of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa to help facilitate global adoption of consistent data security measures. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
Who is affected: Retailers, credit card companies, anyone handling credit card data.
What it covers: Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s. It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements defining audit requirements and the records businesses should store and for how long.
Who is affected: U.S. public company boards, management and public accounting firms.
What it covers: Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in January 2010. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 and became effective on June 15, 2011.
Who is affected: Payroll Processing, Loan Servicing, Data Center/Co-Location/Network Monitoring Services, Software as a Service (SaaS), Medical Claims Processors
We deliver nothing but the highest quality protection for your data and information. We've equipped ourselves with best-of-breed data centers to hold your sensitive information for safe, encrypted storage in our SAS70, SSAE 16 Tier 3, Class 1 Data Centers.
- Transport/Access: Cisco Routers & Firewalls with encryption - 256k
- Infrastructure: IaaS Enterprise Virtual Firewall or customer-owned device
- Storage: NetApp Encryption - all data encrypted in flight and at rest. All SANs have SEDs (Self-Encrypting Drives)
- CloudOffice: End-user password strength/resets
- Facilities: Our data centers are engineered to the highest of standards in order to assure your business is running 24x7x365. Security includes keycard protocols, biometric scanning, around-the-clock interior and exterior surveillance and on-site guards. All cages are secured and locked. Only authorized data center personnel are granted access credentials to the facilities and every data center employee undergoes multiple and thorough background security checks before they're hired.
- Environmental Controls: Every data center's HVAC (Heating Ventilation Air Conditioning) system is N+1 redundant. This ensures that a duplicate system immediately comes online should there be an HVAC system failure. Every 90 seconds, all the air in our data centers is circulated and filtered to remove dust and contaminants. Our advanced fire suppression systems are designed to stop fires from spreading in the unlikely event one should occur.
- Network: Our network leverages the global network IT infrastructure of Savvis, which is now CenturyLink, one of the nation's largest carrier service infrastructures. Our data centers feature full redundancy and best-of-breed solutions from leading enterprise technology companies, including Cisco, Citrix, HP, Microsoft, NetApp, and VMware.
In the past, the healthcare industry has been slow to transition to new technology due to fear of inadequate security and the time it would take to switch. Our compliance in the cloud ensures that it's an easy transition, and a reliable one. Our solutions are compliant with various healthcare regulations, including HIPAA. We also provide additional benefits that healthcare providers rarely consider. Doctors can more easily stay connected with their patients, as well as improve collaboration with each other. Simple tasks that used to be a hassle, such as making referrals or completing patient history, can be completed in no time, allowing doctors to focus their whole attention on the patients. After all, that's how it should be.
A huge concern for the financial industry when it comes to the cloud is security, but our solution gives you encrypted information, Tier 3, Class 1 data centers and limited access credentials for that confidential data. Our compliance with regulations like Sarbanes-Oxley makes it easier than ever for financial businesses to move to the cloud. And with this tight security in place, financial businesses can explore the ease of completing everyday tasks like customer billing or interaction. Our cloud aims to reinvent the way the financial world functions, and with benefits like these, we're already halfway there.
Government organizations rely heavily on the ability to store large quantities of files for long periods of time. This data needs to remain accessible and absolutely secure. It may seem like that's asking a lot, but with the cloud, it's really not. Our solutions comply with PCI DSS, FISMA and FRCP, so even organizations with top-secret information can feel secure. We allow for the most advanced backup, failover, recovery and computing to be accessible for any organization, including government ones that rely on security. Not only will confidential data remain safe and constantly accessible, but our solutions are scalable so you can just keep storing more and more without worry.
The innovative CloudCompliance tool is a user-friendly Web-based portal software solution which offers its clients an easy, affordable way to prove they are in compliance with the standards and regulations of the industry they service. By setting up activities consisting of workflow-enabled tasks to track completion and pass/fail with audit trails, clients can provide auditors with timely reports generated from within the tool, which will eliminate numerous man hours typically required for audit preparation. Once the events are tracked, they cannot be tampered with, destroyed, or in any way altered. In addition, CloudCompliance can be used to organize and maintain critical documents for immediate access as it relates to the company workflow.