Infrastructure Built Specifically to Protect Your Business
Meeting the Strictest Compliance & Security Standards
MANAGED BY SECURITY AND COMPLIANCE EXPERTS
Our infrastructure – our data centers, IP backbone and all operations – is continuously audited under SSAE 16 (SOC 1 Type II) and certified under ISO 9001:2008 and ISO/IEC 27001:2013, with our Certification & Registration issued by a Registrar accredited by ANAB and UKAS under the rules of the International Organization for Standardization (ISO). In addition, key technical staff and managers are ITIL certified.
Our certified, compliance-ready technologies and operations provide a comprehensive service array, from secure and certified colocation, IP transit and cloud computing through to fully managed services that help customer organizations meet FISMA, HIPAA, PCI DSS and other organization-level compliance requirements.
Let our dedicated IT security and compliance experts build a solution that is certified to the world’s toughest standards and ready for your organization’s own compliance obligations, to secure your network, protect your data, and help you meet your regulatory compliance and security requirements.
We offer a wide array of compliance-ready, secure services which include, but are not limited to, the following:
- Redundant perimeter firewalls
- Intrusion detection systems (IDS)
- Intrusion prevention systems (IPS)
- Dedicated or network-wide firewalls
- Redundant load balancers acting as a reverse proxy that filters malicious traffic
- SSL offloading at the edge, with IDS/IPS placed behind the termination point so that traffic arriving encrypted can be inspected in the clear (an IDS in front of TLS termination sees only ciphertext)
- Host-based intrusion prevention
- Segregation of Web and database servers
- Web application firewalls on all public-facing Web services
- Enterprise antivirus protection
- Two-factor authentication
- Restrictions on physical access to data center
- File integrity monitoring
- Data classification policy
- Encrypted data transfers
- Monthly third-party vulnerability scans
- Log management
SSAE-16 SOC-1 TYPE II AUDITED FACILITIES, NETWORK & OPERATIONS
Our data centers and coast-to-coast IP backbone are continuously and independently audited under SSAE 16 for a SOC 1 Type II report (the successor to SAS 70). SSAE 16 is an attestation standard rather than a certification: a Type II report attests that our control objectives and control activities were suitably designed and operated effectively throughout the audit period, and our reports, with zero exceptions, are available upon customer request. Because a SOC 1 report is written for user entities and their auditors, enterprise customers can rely on it for their own control requirements, and their financial statement auditors may incorporate it into their audit work if so required.
Here are some of the control areas that our SOC 1 report covers and that our secure hosting environment supports:
- Facilities and asset management
- Logical access and access control
- Network and information security
- Computer operations
- Backup and recovery
- Change and incident management
- Organizational and administrative controls
- Security policies, reporting, and monitoring
- Physical and logical security
SSAE 16 audited cloud/hosting features:
- SSL offload capability
- Enterprise-level, application level protection
- Hardware firewalls
- IP and port restricted access
- Multiple levels of segregated access
- Managed backups and retention
- Advanced monitoring
- Multi-level intrusion detection & prevention (IDS/IPS)
ISO 27001:2013 & ISO 9001:2008 CERTIFIED & REGISTERED FACILITIES, NETWORK & OPERATIONS
Our data centers, coast-to-coast IP backbone and operations are ISO 9001:2008 and ISO/IEC 27001:2013 Certified & Registered by NQA, a Registrar accredited by ANAB and UKAS, under the standards of the International Organization for Standardization, demonstrating our adherence to these global standards for quality and information security management systems. These certifications attest that our solutions and operations have Quality Management System (QMS) processes and controls in place, and that our operations are covered by an Information Security Management System (ISMS).
ISO/IEC 27001:2013 is an information security standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) through their joint subcommittee, ISO/IEC JTC 1/SC 27. It specifies the requirements for an Information Security Management System (ISMS). An ISMS is a systematic approach to managing sensitive systems and information so that they remain secure; it covers people, processes, networks and IT systems through a comprehensive security and risk management process. It helps us keep our own and our customers’ systems and information assets, such as financial information, intellectual property and other data, secure through a security program that spans the whole company, all locations and all disciplines, and that undergoes ongoing internal and external audits. To be certified, an organization is audited on site, at all locations in scope, by the Registrar’s auditors, and the Registrar’s certification committee decides whether to certify. The Registrar is itself accredited and periodically assessed by UKAS, so the certification gives our customers verifiable, independent, multi-step audited assurance that an ISMS is applied to all of our operations. Note that the certificate covers the ISMS within its stated scope; it does not by itself assess the security of each individual customer system hosted within that scope.
ISO 9001:2008 specifies the requirements for a Quality Management System (QMS) for an organization that needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements. We aim to enhance customer satisfaction through effective application of the system, including processes for continual improvement and for assuring conformity to customer and applicable statutory and regulatory requirements. Being ISO 9001:2008 Certified & Registered means that the Registrar’s auditors have performed on-site audits, reviewed our records and interviewed our staff to confirm that the processes influencing quality within our organization conform to the standard’s requirements and are applied consistently at all locations and by all staff, and that the Registrar’s certification committee has awarded Certification & Registration on that basis. The Registrar is itself accredited and periodically assessed by ANAB. The primary objectives of ISO 9001:2008 are to give our management and our customers confidence that we are in control of the way we do things, that change control processes are in place, that all steps of service delivery are documented, that issues are escalated and resolved promptly, and that continual improvement is practised.
All of our operations (headquarters and all three data centers, and our coast-to-coast IP backbone) and services are ISO 9001:2008 and ISO 27001:2013 Certified & Registered.
You are invited to review our ISO 27001:2013 and ISO 9001:2008 Certificates of Registration:
- ISO 27001:2013 Certificate of Registration (DCA2)
- ISO 27001:2013 Certificate of Registration (DCA3)
- ISO 27001:2013 Certificate of Registration (SEA2)
- ISO 9001:2008 Certificate of Registration (All locations)
For more information on the ISO 27001:2013 standard, please visit www.iso.org/iso/home/standards/management-standards/iso27001.htm.
For more information on the ISO 9001:2008 standard, please visit www.iso.org/iso/home/standards/management-standards/iso_9000.htm.
PCI-DSS COMPLIANCE-READY SERVICES
When a company collects customers’ payment card data, the card brands and merchant card processors require it to comply with PCI DSS and to validate that compliance, in order to protect the security and integrity of cardholder data. All of our facilities, services and processes are PCI DSS compliant and were developed to keep not just your customers’ payment card data but the entire hosting environment, facilities and network secure. By handling sensitive data responsibly, we help enterprises that accept, store and/or process payment cards to achieve and maintain full compliance with the PCI DSS 2.0 standard. Note that our compliance covers the controls we operate; as with any service provider, the merchant remains responsible for the controls within its own applications and cardholder data flows, and PCI DSS expects the division of responsibilities between the two parties to be documented.
Our secure cloud platform and hybrid cloud capability (i.e., using a public cloud in conjunction with a private cloud or isolated, dedicated, highly secure servers) give e-Commerce retailers an affordable, compliant way to separate public web server files from confidential database files and to restrict access from the Internet and from unauthorized personnel. In addition, we are there whenever your hosting environment needs a “checkup”, assisting with the network scans your QSA prescribes. If you subscribe to our fully managed service, we will also provide log data and audit trails on your behalf when you need to respond to a forensic inquiry.
Our PCI DSS 2.0 compliance-ready hosting services provide a protected, monitored hosting environment for each secure cloud or server. The built-in controls of our secure cloud hosting environment address the infrastructure-level PCI DSS requirements, and partnering with us can significantly reduce the cost and time needed to obtain a Report on Compliance.
Some of the security features and services we offer that help support PCI DSS 2.0 compliance:
- Thorough Access Control and Physical Security
  - 24x7x365 on-site data center staffing and monitoring
  - Restricted physical access with man traps
  - Surveillance monitoring with video retention
- Log Maintenance and Process Management
  - Log storage with customizable retention
- Systems Monitoring and Testing
  - IDS (intrusion detection systems)
  - Real-time security event notifications
  - Network security scans
  - IP logging
  - Two-factor authentication
  - Extended Validation (EV) SSL certificates
- Hardened Solutions
  - Antivirus protection
  - Network-wide firewalls
  - Web application firewalls
  - Continuous patching and maintenance
  - Web servers separated (logically and physically) from database servers
  - Port control: unnecessary ports are closed
  - Strong encryption for data in transit
  - Redundant power and cooling
  - 100% uptime network and facilities
HIPAA COMPLIANCE-READY SERVICES
Our HIPAA compliance-ready solutions provide secure cloud and data center hosting practices that help healthcare providers achieve HIPAA compliance. One of our specialties is helping healthcare enterprises meet and maintain the security requirements of HIPAA (the Health Insurance Portability and Accountability Act).
Our secure hosting practices provide a safe, compliant hosting environment for critical web applications within healthcare providers’ networks. We handle the data center facility and network aspects of the compliance requirements and let medical practitioners focus on what they do best: providing excellent patient care. Our enterprise-grade private cloud provides the best of both worlds: a highly cost-efficient virtualized environment coupled with full physical isolation. Added features such as application-level firewall protection help doctors, service providers and private healthcare businesses adhere to HIPAA regulations. Our multi-layered security platform, combined with an enterprise-grade hosting environment, helps protect your PHI and covers your hardware, software, databases and security, so that your hosting can meet HIPAA requirements.
We work with billing companies and insurance providers, as well as medical, vision, and dental care providers every day to achieve compliance. Professional services organizations, such as law offices and accounting firms working with healthcare providers, benefit from our HIPAA compliant hosting practices as well.
All of our clients in the healthcare industry have found that outsourcing the electronic aspects of HIPAA compliance to a secure hosting company lets them focus their time and budget on other aspects of HIPAA, such as patient document and record handling.
Some of our HIPAA compliant services:
- Commercial, business web application hosting for healthcare professionals
- Internet/Hosting infrastructure for medical SaaS (software-as-a-service) providers
- HIPAA-compliant colocation, dedicated and private cloud hosting environments
- Intranet and extranet hosting in virtual private environments
- Hosting for medical billing systems and web-based patient management systems
Our HIPAA focused security solutions:
- Web Application Level Protection
  - Helps detect and contain undesirable traffic on public networks
  - Helps prevent malware such as viruses, worms and trojans
  - Helps stop attacks such as SQL injection and XSS (cross-site scripting)
  - Customizable security rules let the WAF be tuned to the specific weaknesses of your application
- Application Level Monitoring and Intrusion Detection
  - Alerts administrators and managers whenever files, directories, or hardware are accessed, and by whom
  - Detects active hosts, failed logon attempts, and inappropriate content
- Disaster Recovery with HIPAA Compliant Encryption
  - Managed backup snapshots with retention
  - Encrypts backup data at rest in storage
  - Requires a key to decrypt data restored from backup
- Virtualized HIPAA Compliance Architecture
  - Provides separate, private web application and database hosting environments
  - Makes creating a development/beta testing environment affordable
  - Runs on enterprise-level hardware
  - Enforces password expiration and password strength
  - Automates SSH and RDP session timeouts
- HIPAA Compliant System Architecture
  - Separate web and database environments
  - A dedicated development environment, separate from production
  - Password expiration and enforced password strength
  - Automatic SSH and RDP session timeouts
  - Log retention
  - Provides a valuable, detailed audit trail during a forensic investigation
- Managed Patching, Version Control, and Security Updates
  - Upgrades the operating system automatically, and applications on request
  - Supports Linux and Windows operating systems
  - Alerts administrators when security vulnerabilities are detected
- Physical and Logical Security
  - Includes stringent data destruction policies
  - Controls data movement inside and outside of our facilities
  - Records any change to the hosting environment
  - Secures the data center with man-traps, surveillance, and controlled access
- Vulnerability Scanning
  - Tests all services, virtual domains, ports, and IP addresses for more than 10,000 known vulnerabilities every day
  - Delivers a detailed notification every time a vulnerability is found
FISMA COMPLIANCE-READY SERVICES
FISMA is the Federal Information Security Management Act. It sets out the security requirements for protecting the information and information systems of federal agencies. With us, government agencies can rest assured that their sensitive information is protected and that risk is effectively managed.
With FISMA compliant hosting, you get an even greater level of service and support than with our other managed hosting solutions. Our engineers and security technicians are available around the clock for consultation and assistance; they work with you to configure and secure your environment and to define and apply the appropriate FISMA security controls. We monitor your hardware, software, databases and security, and you get additional protection from our security platform, which provides intrusion detection systems and web application firewalls.
We deploy a defense-in-depth approach from the physical layer through the network and system layers, using best-of-breed security tools, technologies and practices that meet or exceed the requirements of NIST (National Institute of Standards and Technology) Special Publication 800-53 Revision 3.
- Physical Layer:
At the physical layer, our customers’ systems are hosted in our SSAE 16 audited and ISO 9001:2008 & ISO/IEC 27001:2013 Certified & Registered data centers, which are N+1 redundant for all critical infrastructure (electrical and HVAC) with strict temperature and humidity controls. The data centers are staffed 24x7x365 by systems and network administrators and engineers. Only authorized personnel are granted access to the facilities; visitors must be escorted at all times by authorized personnel. All secure access points require card key or biometric access, and surveillance is in place throughout the facilities and around the external perimeter.
- Network Layer:
At the network layer we focus on protecting customer systems from known and malicious attacks, such as XSS, SQL injection and DDoS, by deploying the following network security tools:
- Redundant stateful inspection firewalls
- Multiple DDoS mitigation devices
- Multiple WAFs (web application firewalls) to block XSS, SQL injection and thousands of other malicious requests and attacks
- Network IDS
- Complete customer-to-customer isolation
- Managed system-level backups as an additional service
- Customer compliance scanning as an additional service
- Web application scanning as an additional service
- SSL-encrypted VPN
- System Layer:
We deploy the following security products and practices to harden customer systems and protect against unauthorized access, trojans, malware infections and other known attacks:
- Antivirus protection
- MS SQL encryption (if required)
- Fully hardened server images customized per server role
- Managed operating system security updates
- Host-based IDS as an additional service
- Two-factor Authentication for remote access
- All systems are monitored 24x7x365 by our professional on-site data center systems administrators & engineers
- Operational and Management Layer:
We maintain strictly documented policies and procedures, plus a customer portal, to support customers’ ongoing FISMA compliance and audit requirements:
- Documented policy and procedures
- Separation of duties enforced
- Least privileges enforced
- Change Management procedures
- Patch management policy
- Incident response policy
- Sensitive media handling policy
- Our secure customer portal
- Customer ticketing system
ITIL CERTIFICATION-READY SERVICES
ITIL is the de facto global standard for IT service management: a comprehensive, non-proprietary, publicly available set of best-practice guidelines for managing IT services.
Our ITIL-based management processes and professionally trained staff ensure that we manage business risk and minimize service disruption, and they help your enterprise to:
- Maximize your return on IT & infrastructure investment
- Build and maintain positive business relationships with customers and improve customer satisfaction
- Ensure your customers can access services on-demand, when and where needed
- Support business change at the speed your business needs while ensuring a stable and low-risk environment
- Help you to quantify and clearly demonstrate the true value of the services you provide
- Ensure the business and your customers are not affected by unexpected service failures