Let Latisys help solve your compliance puzzle
In today’s digital age, information security is paramount and an extremely important criterion when deciding to outsource your infrastructure. Whether you are in the ecommerce business, host sensitive health or financial information, or simply demand the highest levels of security for your organization, you understand the role that compliance plays in demonstrating how you protect your data. At Latisys we understand the significance of meeting compliance regimes such as the Payment Card Industry’s Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA) HITECH Privacy Rule and the Gramm-Leach-Bliley Act (GLBA), otherwise known as the Financial Services Modernization Act of 1999. Our infrastructure is compliance-ready and has been tested and audited by a third party to ensure that the appropriate physical controls and information security policies are in place to protect your data and meet these standards.
The latest service organization reporting standard, SSAE16, replaces the previous standard, SAS70. SSAE16 produces multiple reports with varying levels of detail about the security controls employed by an organization. The SOC3 report, which provides a general trust services summary, can be downloaded here. The SOC2 report, which provides much greater detail on each of the controls in place and the testing performed to validate them, is available upon execution of a non-disclosure agreement. Latisys’ SSAE16 is validated across all Latisys facilities and covers both the security and availability principles in detail.
For companies that transmit and store credit card holder data, adherence to PCI DSS 2.0 is essential to business operations. Coalfire, an independent IT auditing firm, has audited Latisys’ policies and procedures for compliance with sections 9 (physical controls) and 12 (information security policies) of the PCI DSS and produced a Report on Compliance (RoC), which can be made available upon execution of a non-disclosure agreement. Latisys also offers a variety of managed services to assist with other areas of the standard if your needs dictate additional help managing security practices such as firewalls, VPN and intrusion detection.
With the release of HIPAA’s omnibus rule in January 2013, the role of a service provider has become that much more critical for companies that host electronic private health information (ePHI). The omnibus rule implemented a number of provisions from HIPAA HITECH and expanded the scope of the breach notification process to contractors and sub-contractors of those who process ePHI. Latisys is audit-ready and has you covered with a comprehensive third-party risk assessment of the Latisys infrastructure, physical access controls and policies to ensure that your business conforms to the requirements of this compliance regime.
The 1999 Gramm-Leach-Bliley Act was established primarily to enable consolidation among companies in the financial services sector, but it also pursued enhanced protection of private consumer information disclosed to any financial institution. Hosting your infrastructure with Latisys means that your data will reside on an audit-ready platform. A thorough third-party risk assessment has been performed on this platform to ensure adequate controls and policies are in place to protect the data you host at Latisys.
Compliance Preparation Checklist
We've prepared a guide covering some of the basic information an organization should have before undergoing any sort of compliance audit. Download it here »
Ready to learn more?
Call 866-956-9594, chat live with a member of our team, or contact us to learn more.