Data Foundry has made the investment in critical infrastructure, tools, services and personnel required to achieve regulatory compliance with SSAE 16, HIPAA, and the US-EU Safe Harbor. Our compliance reflects our commitment to support the highest standards for business process control, data security, and privacy.
SSAE 16 SOC 2 Type II Data Center Compliance
Data Foundry’s Austin data centers – Texas 1 and ADC – are SSAE 16 Type II compliant, having successfully completed the rigorous independent audit required by the newer SSAE 16 standard. This means you can have complete confidence that your critical data and infrastructure are housed in a facility that employs stringent internal business processes and IT controls for the services provided.
The Statements on Standards for Attestation Engagements (SSAE 16) is an attestation standard established by the AICPA for reporting on the controls and services provided to customers. Unlike the SAS 70 audit standard, compliance with the SSAE 16 attestation standard requires the data center’s management to provide a written assertion about the fair presentation of the system’s design, controls, and operational effectiveness. This assertion, together with an independent auditor’s evaluation of controls such as Data Foundry’s organizational, security, and change management systems, is considered when determining SSAE 16 compliance.
The Service Organization Control (SOC) 2 is a mechanism for service organizations to report on the design and effectiveness of their security policies, communications, procedures, and monitoring. As an SSAE 16 SOC 2 Type II certified company, Data Foundry has been audited by a third-party organization on its control activities related to:
- Security: data centers are protected against unauthorized access (both physical and logical)
- Availability: The system is available for operation and use as committed or agreed
As an operator of SSAE 16 compliant data centers, Data Foundry understands the rigors required to achieve and maintain strict compliance standards for the protection of data. Data Foundry is HIPAA compliant under its SSAE 16 controls for the storage and processing of data using its managed services and data center infrastructure. Data Foundry has a long and successful history of serving HIPAA compliant customers in the healthcare industry. If you are required to be HIPAA compliant, you will want a data center partner that understands your requirements. Data Foundry has nearly twenty years of experience protecting the security and privacy of our customers’ data.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to ensure health insurance portability when workers change or lose their jobs, as well as to protect the security and privacy of sensitive health information. HIPAA contains two rules: the Privacy Rule and the Security Rule. These rules establish national standards for how companies are required to protect the confidentiality, availability, and integrity of sensitive health information. The HIPAA Privacy Rule was updated in 2009 by the Health Information Technology for Economic and Clinical Health Act (HITECH). HITECH sets clear guidelines for proper handling of health information, expands the liabilities of companies that are subject to oversight, increases fines for non-compliance, and enables more stringent enforcement.
US-EU Safe Harbor Compliance
Data Foundry has been a member of the US-EU Safe Harbor since 2008. The US-EU Safe Harbor was established as an option under the 1998 European Commission’s Directive on Data Protection. As a member of the Safe Harbor, Data Foundry expresses its ongoing commitment to privacy and its desire to ensure smooth interaction for and with customers in the United States and Europe.
The US-EU Safe Harbor framework was approved by the European Union in 2000 as a way for US companies to verify that their privacy policies meet the standards established by the European Commission. The European Union’s approach to privacy protection differs from that of the United States, and these differences can complicate US business dealings with the EU. Under Safe Harbor, US companies are certified by the EU as providing acceptable privacy protection as defined by the European Commission.