Compliance and Security

A Robust and Safe Foundation to Protect your Digital Assets

Our security and compliance experts proactively partner with your management to solve your technical challenges, so you do not have to worry about them. We monitor and manage your systems, provide personal support 24x7x365, and are always available directly by phone. Our data centers are equipped with badge/photo ID access, biometric access screening, and full-building video capture.

Our data centers, IP backbone and all operations are continuously audited under SSAE-18 SOC-2 Type II and ISO 27001 Standards. In addition, key technical staff and managers are ITIL certified.

We provide HIPAA and PCI-DSS compliance-ready services to customers who carry out mission-critical projects, helping them meet their regulatory and security requirements.

Our Compliance-Ready Secure Services

  • Redundant Perimeter Firewalls
  • Intrusion Detection Systems (IDS)
  • Intrusion Prevention Systems (IPS)
  • Dedicated or Network-wide firewalls
  • Redundant Load Balancers that act as a reverse proxy filter for malicious traffic
  • SSL offloading with IDS/IPS behind SSL traffic
  • Host-based intrusion prevention
  • Web application firewalls on all public-facing web services
  • Segregation of web and database servers
  • Enterprise antivirus protection
  • Two-factor authentication
  • Restrictions on physical access to data center
  • File integrity monitoring
  • Data classification policy
  • Encrypted data transfers
  • Monthly third-party vulnerability scans
  • Log management

Our Compliance Certifications

SSAE-18 SOC-2 TYPE II AUDITED – FACILITIES, NETWORK & OPERATIONS

Our data centers and coast-to-coast IP backbone are continuously and independently audited under SSAE-18 SOC-2 Type II. By achieving complete SSAE-18 compliance (audit reports with zero exceptions are available upon customer request), we have demonstrated that effective control objectives and control activities are in place throughout the organization. Our SSAE-18 compliant operations allow enterprise organizations to achieve compliance and to incorporate our SSAE-18 audit report in their audited financial statements, if required by their auditors.

SSAE-18 compliance controls for our hosting environment

  • Facilities and asset management
  • Logical access and access control
  • Network and information security
  • Computer operations
  • Backup and recovery
  • Change and Incident Management
  • Organizational and Administrative Controls
  • Security policies, Reporting, and Monitoring
  • Physical and Logical Security

SSAE-18 compliant cloud hosting features:

  • SSL offload capability
  • Enterprise-level, application-level protection
  • Hardware firewalls
  • IP and port restricted access
  • Multiple levels of segregated access
  • Managed backups and retention
  • Advanced monitoring
  • Multi-level intrusion detection & prevention (IDS/IPS)

ISO 27001 CERTIFIED IN 2010, 2015, 2020 – FACILITIES, NETWORK & OPERATIONS

ISO 27001 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27. These international standards ensure all our solutions and operations have Quality Management System (QMS) processes and controls in place, and that everything is covered by a thorough Information Security Management System (ISMS).

PCI-DSS COMPLIANCE-READY SERVICES

All our facilities, services, and processes are PCI-DSS compliant and were developed specifically to keep your customers’ payment card data and the entire hosting environment, facilities and network, secure. By handling sensitive personal data in a responsible way, we help enterprises that accept, store, and/or process credit cards to achieve and maintain 100% compliance with PCI-DSS 2.0 standards.

PCI Compliant Security Features and Services

  • Thorough Access Control and Physical Security
  • 24x7x365 Data Center on-site staffing and monitoring
  • Physical environment has restricted access and man-traps
  • Surveillance monitoring with video retention
  • Log Maintenance and Process Management
  • Log storage and customizable retention
  • Systems Monitoring and Testing
  • IDS (Intrusion Detection Systems)
  • Real-time security event notifications
  • Network security scans
  • IP logging
  • Two-factor authentication
  • SSL certificates with extended ID validation
  • Hardened Solutions
  • Antivirus protection
  • Network-Wide Firewalls
  • Web application firewalls
  • Continuous patching and maintenance
  • Web servers separated (logically and physically) from database servers
  • Port control – unnecessary ports are closed
  • Strong encryption during data transfer and transmission
  • Redundant power and cooling
  • 100% Uptime Network & Facilities

HIPAA COMPLIANCE-READY SERVICES

Our HIPAA (Health Insurance Portability and Accountability Act) compliance-ready solutions provide secure cloud and data center hosting practices to help healthcare providers achieve HIPAA compliance. One of our specialties is helping healthcare enterprises achieve and maintain HIPAA security requirements.

Our HIPAA Compliant Services:

  • Commercial, business web application hosting for healthcare professionals
  • Internet/Hosting infrastructure for medical SaaS (software-as-a-service) providers
  • HIPAA-compliant colocation, dedicated and private cloud hosting environments
  • Intranet and extranet hosting in virtual private environments
  • Hosting for medical billing systems and web-based patient management systems

Our HIPAA-Focused Security Solutions:

  • Web Application Level Protection
    • Helps detect and contain undesirable traffic on public networks
    • Helps prevent malware invasions like viruses, worms, and trojans
    • Helps stop hacker attempts like SQL injections and XSS (Cross-Site Scripting) attacks
    • Customizable security rules ensure WAF is calibrated to protect your unique vulnerabilities
  • Application Level Monitoring and Intrusion Detection
    • Alerts administrators and managers every time files, directories, or hardware are accessed, and by whom
    • Detects active hosts, bad logon attempts, and inappropriate content
  • Disaster Recovery with HIPAA Compliant Encryption
    • Managed backup snapshots with retention
    • Provides data encryption at rest in storage
    • Requires a “key” to securely decrypt the data from backup
  • Virtualized HIPAA Compliance Architecture
    • Provides separate and privatized web application and database hosting environments
    • Makes creating a development/beta testing environment affordable
    • Runs on enterprise level hardware
    • Forces password expiration and enforces password strength
    • Automates SSH & RTD timeouts
  • HIPAA Compliant System Architecture
    • Separate web and database environments
    • Exclusive environment for development, separate from production environment
    • Password expiration and ensured password strength
    • Automatic SSH & RTD timeouts
    • Log retention
    • Provides a valuable, detailed audit trail during a forensic investigation
  • Managed Patching, Version Control, and Security Updates
    • Upgrades operating system automatically, and applications on request
    • Provides support for Linux and Windows OSes
    • Alerts administrators when security vulnerabilities are detected
  • Physical and Logical Security
    • Includes stringent data destruction policies
    • Controls data movement inside and outside of our facilities
    • Records any changes to the hosting environment
    • Secures the data center environment with man-traps, surveillance, and controlled access
  • Vulnerability Scanning
    • Tests all services, virtual domains, ports, and IP addresses for 10,000-plus known vulnerabilities every day; delivers a detailed notification every time a vulnerability is found

Some Client Love

“You provided diverse connectivity in support of the underlying network, along with management and maintenance of the highest levels.”
~ Lori Dickneite, Network Services Manager, King County
“We realized that the people who were interacting with us were great at technology, they understood our requirements, related to what we needed and came up with the best possible solution based on our specific needs.”
~ Brian T. Wolfinger, Vice President of Technology, LDiscovery
“In addition to the security and infrastructure of the site, the most important selection factors were customer service, cost, and reliability. You provided exactly what we wanted.”
~ Howard Epstein, CTO, Standard Technology
