With many businesses moving more and more workloads to the cloud, the job of protecting and securing data from theft and loss is more important than ever. For those not yet dipping their toes in the big pool of cloud, leveraging a managed services provider to handle the day-to-day maintenance and availability of their systems has become commonplace. Whether self-managed, cloud-based, or outsourced to an MSP, businesses today face exposure and risk from the loss of key business data. With reputation and client trust on the line, the stakes have never been higher. Choosing the right cloud or managed service provider can provide businesses a great deal of benefit, helping strike a balance between the risks and costs of running a secure IT operation. At the heart of these efforts is ensuring that both internal and hosted services are housed in a data center with strict operating and compliance guidelines.
What is data center compliance and why is it something you should care about? Compliance may cause one to think of the Borg from Star Trek: The Next Generation and assimilation into a rigid, controlling system. Actually, those thoughts aren’t too far from the truth: compliance typically refers to adherence to standards set by a number of regulatory agencies. For data center designers and operators who want to serve certain clienteles, resistance is indeed futile.
How does this apply to ScaleMatrix? Security and compliance regulations are critical aspects of the ScaleMatrix operating model, helping to ensure safe and secure hosting environments for our highly regulated client base. ScaleMatrix annually undergoes SSAE16 SOC 1 Type 2 and SSAE16 SOC 2 Type 2 compliance audits, in addition to a number of industry best-practice compliance certifications to ensure our operations meet even the strictest of standards. By doing so, we assist our clients with meeting their own operating and compliance guidelines.
The SSAE16 SOC 2 Type 2 framework is a reporting option specifically designed for entities such as data centers, IT managed services, Software-as-a-Service (SaaS) vendors, and other technology and cloud computing-based businesses. Type 2 reports sample data over a period of time rather than at a single point in time, which makes for a more complete and thorough report. The SOC 2 framework addresses a comprehensive set of criteria known as the Trust Services Principles (TSP), which are composed of the following five (5) sections:
1. Security of a service organization's system.
2. Availability of a service organization's system.
3. Processing integrity of a service organization's system.
4. Confidentiality of the information that the service organization's system processes or maintains for user entities.
5. Privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities.
Both the SOC 1 and SOC 2 reports are Type 2 reports. Type 2 reports sample data over a period of time instead of using a single point in time, illustrating consistent compliance over time. ScaleMatrix exceeds the required 6-month minimum sampling period for data collected to test compliance for the year.
These reports help ScaleMatrix demonstrate consistent compliance with the tested security and operating method controls. ScaleMatrix holds PCI DSS v3 AoC and Merchant Level 4/SAQ C Self-Certification in addition to our SSAE reports. The Payment Card Industry Data Security Standard is followed by organizations that store, process, and/or transmit cardholder data. ScaleMatrix earned an SSL A+ rating through Qualys SSL Labs for ScalePanel, which is used by our clients and staff. We provide our customers with security and peace of mind when working in our web applications. SSL is the technology behind encrypting sensitive information on the Internet.
ScaleMatrix data centers and cloud infrastructure meet the most stringent requirements for compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a privacy rule that sets national standards for the protection of individually identifiable health information by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically. We comply with the rules that apply to our systems and levels of access. This helps our clients comply with portions of HIPAA that apply to them.
ScaleMatrix data centers employ a number of unique security protocols and technologies which help our clients comply with the most stringent of regulatory requirements. Combined with 24/7/365 armed security and mature operational controls, these features make ScaleMatrix a valuable asset and partner for clients in highly regulated industries.