CoreSpace Compliance

In our world of changing IT security requirements and privacy rules, we take the guesswork and frustration out and put you back in control of your business.  Stop worrying about your HIPAA, PHI and compliant data requirements. Let us quickly and competently take care of all your IT compliance hosting needs in our fully audited and certified SSAE 16 and compliant data centers.

HIPAA Compliance

Achieving and maintaining HIPAA (Health Insurance Portability and Accountability Act) compliance is easier with CoreSpace. HIPAA is a federal regulation that sets rules for the use and disclosure of patient’s health care information – at CoreSpace we sustain the highest level of HIPAA compliance for your secure environment.

Our HIPAA-compliant Data Center environments provide a secure solution for mission critical applications. Companies and organizations – health care institutions, financial institutions, ASP, SAAS – have all leveraged our infrastructure for timely implementation and comprehensive compliance. After completing an audit against the latest audit protocols (http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/protocol.html). CoreSpace was found to be 100% compliant, and therefore we operate at the top level of HIPAA’s guidelines.

Our multi-tier security platform, combined with an enterprise service level environment, protects your data and provides you the highest level of adherence to strict HIPAA regulations.

We provide you with 24/7, 365 access to our highly trained service team. We provide assistance for configuration, implementation and migration to our secure HIPAA hosting services. We assume full responsibility for every aspect of your HIPAA compliant data hosting.

Some of our recommended HIPAA compliant features are –

– Fully Managed Support

– Secure DDoS/IPS Protection available

– Hot Swappable Disk Chassis

– Continuous Backup Protection

– Hardware Disk Raid Configurations

HIPPA Compliant Network Security Measures

Power, Cloud Services, Managed Servers and Network Infrastructure are all critically sensitive – CoreSpace protects and restricts access to these assets, assuring your data is consistently secure.

Our physical security means only authorized personnel have limited access to clients’ private locked racks, suites and cages. We have 24/7 monitoring with logged 90 day surveillance with multiple alarm systems to alert our 24/7 premise-based CoreSpace NOC.

PCI Compliance

If your website accepts, processes or stores credit card information, then you’re held responsible for being PCI Compliant. CoreSpace provides resources to accommodate these responsibilities.

The Payment Card Industry Data Security Standards (PCI DSS) Visa, MasterCard, JCB International, Discover and American Express developed a standard to prevent consumer data theft and reduce online fraud. The PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. Compliance and validation of compliance with some or all of the 12 requirements is mandatory for any organization that stores, transmits or processes credit card transactions.

NON COMPLIANCE PENALTY – Major credit card networks can penalize and fine significant amounts for breach of compliance. Participating companies can be barred from processing credit card transactions, higher processing fees can be applied – and in the event of a serious security breach – fines of up to $500,000 may be levied for each instance of non-compliance.

PCI Regulations

All merchants and service providers with external-facing IP addresses that handle, store or transmit credit card data are under PCI regulations. All entities that process and store or transmit cardholder data, including e-mail and employee Internet access, will result in the Internet accessibility of a company’s network. Even if your website does not offer website based transactions, are responsible and subject to fines and penalties if any beach of information occurs.

CoreSpace is PCI compliant hosting provider whose technology and processes have been tried, tested and proven to be successful. PCI is an integral part of our daily operations; CoreSpace knows what works and what doesn’t. And we share that knowledge with you, helping you understand the specific impacts of current PCI compliance regulations – and how leveraging our compliance expertise can enable our customer’s goals. By choosing our managed compliant option, you can go about your core business, free of the worries often associated with PCI compliance. We’ll take care of the myriad of intricate details that come with managing a complex system environment such as yours. And you can enjoy the operational efficiency inherent in outsourcing to an established, trusted provider like us.

SSAE 16

What is SSAE 16?

SSAE 16 (Statement on Standards for Attestation Engagements) was designed to fulfill international service organization reporting standards. These reports cover the service organization’s controls of its system for a specific point in time.

SSAE 16 Compliant Data Centers

All CoreSpace Data Centers are certified SSAE16 compliant with the new SSAE 16 standards. With this new certification, all servers hosted with CoreSpace are secured through the implementation of IT controls that adhere to the new SSAE 16 guidelines. CoreSpace service Technicians working within the data center facility operate according to a strict internal process to ensure that all servers are managed according to the controls established.

SSAE 16 Type I

SSAE 16 Type I is geared towards service organizations that had not gone through a SAS 70 audit and would like to be set on their own path to a Type II reporting standard. SSAE 16 Type 1 – is when Auditors test the accuracy of the service provider’s descriptions and assertions. Any information provided by the independent auditor in regards to testing the service and its operating effectiveness are optional for this report.

SSAE 16 Type II

A Type II report details the testing done on the service organization’s controls and its effectiveness. The audit is completed over a minimum period of six months which is stated in the report. Reports utilize the Trust Services Principles, published by the AICPA, to evaluate the effectiveness of a service organizations controls with respect to security, availability, processing integrity, online privacy, and confidentiality.

These reports demonstrate that we adhere to the risks within our environment and are equipped with appropriate controls to address those risks. SSAE 16 reports confirm that our control program is appropriately designed, and that the controls designed to safeguard customer data is operating effectively over time. Customers can now leverage our services to store and process any type of sensitive data with confidence regarding high levels of privacy and security.