Industry Compliance & Certifications
Industry Certifications and Compliance
As of April 2005, HIPAA’s security standards mandate that all health care providers establish a contingency plan to respond to any type of computer disaster involving potential data loss. Our technology complies with the following HIPAA requirements:
- User authentication
- Role based access
- Encryption of data (AES128, AES192, AES256 bit encryption)
- Offsite data storage outside of the organization
- Secure storage facilities
- Transmission Reports
Our Internet Vaulting solution is completely secure and can protect your organization in the case of any type of data loss.
SSAE 16 Type II
Our technology and services are SSAE 16 Type II compliant in accordance with the AICPA (SOC) framework.
What is SSAE 16 Type II Compliance?
SSAE 16 is the professional standard used for issuing SOC 1 reports, which consists of SOC 1 (SSAE 16) along with SOC 2 and SOC 3 (AT 101) reporting. The SSAE 16 standard effectively replaces the aging and antiquated SAS 70 auditing standard that has been in use for approximately twenty years.
You can find out more about this new standard of compliance here.
SSAE Type II compliance means that you can have complete confidence that your data resides within a facility which employs stringent internal business processes and IT controls for the services provided.
What is the certification for Cryptographic Module Validation Program FIPS 140-1 and FIPS 140-2 Modules In Process List?
Modules validated as conforming to FIPS 140-1 and FIPS 140-2 are accepted by the Federal Agencies of both the United States and Canada for the protection of sensitive information. The National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal Information Processing Standards (FIPS)140-1 Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards.
Our technology passed rigorous security standards using independent, accredited Cryptographic and Security Testing (CST) laboratories to test our modules against requirements found in FIPS PUB 140-2, Security Requirements for Cryptographic Modules. These requirements cover 11 areas related to the design and implementation of a cryptographic module. NIST’s Computer Security Division (CSD) and CSEC jointly serve as the Validation Authorities for the program, validating the test results and issuing certificates.
Our data center is CICA 5970 Type B certified by SAS 70 International.