SOC 2 and HIPAA Compliant
Service Organization Controls (SOC) are a set of standards designed to measure the ability of a given service organization to control its information in its service environments (e.g., the clouds it manages). SOC 2 compliance concerns internal controls of an advanced IT service organization. A company achieves SOC 2 compliance by having sufficient policies and strategies in place to protect client data.
About SOC 2
While many businesses understand the benefits of moving basic functions such as data storage to the cloud, some companies are still hesitant because of security concerns. SOC 2 compliance provides businesses with the confidence and peace of mind that their data is secured and highly available.
What SOC 2 Means for Zadara Storage
Our customers and regulators expect independent verification of security and availability controls. Service Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Zadara Storage achieves standard compliance. Zadara Storage undergoes independent third party audits on a regular basis to provide this assurance. This means that an independent auditor has examined the controls present in our services, products and operations.
The auditor documents the controls Zadara Storage has put in place in a SOC 2 report. The report evaluates the effectiveness of a service provider system based on the AICPA Trust Service Principles and Criteria. For more details on the SOC 2 trust services criteria, visit: https://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/AICPASOC2Report.aspx
The full report is available upon request. Request full SOC 2 Report.
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance. Covered entities (anyone providing treatment, payment, and operations in healthcare) and business associates (anyone who has access to patient information and provides support in treatment, payment, or operations) must meet HIPAA Compliance.
What HIPAA means for Zadara Storage
Zadara is considered a HIPAA Business Associates as of the above definition. There is no HIPAA certification for a service provider such as Zadara Storage.
Zadara is a HIPAA compliant hosting provider, as it has the needed administrative, physical, technical and privacy safeguards in place, according to the U.S. Department of Health and Human Services:
- Administrative Safeguards – a collection of policies and procedures that govern the conduct of the workforce and security measures.
- Physical Safeguards – policies and procedures to limit physical access to its electronic information systems and facilities in which they are housed and to ensure their availability in an emergency.
- Technical Safeguards – policies and procedures for electronic information systems to allow access only to those persons or software programs that have been granted access rights. Access should be monitored and periodically audited to ensure that it is accurate and up to date.
- Privacy Safeguards – policies and procedures for electronic information systems to protect the privacy of the data subjects (primarily pertaining to covered entities)
The full report is available upon request. Request full HIPAA Report.