As if IT departments didn't have enough to worry about, they also have to ensure that their organization is in compliance with various industry and federal regulations.
This has proven to be a difficult task in today’s decentralized, mobile, app-filled world; it’s enough to give any IT department a headache. Rest assured you’re not alone in a sea of compliance requirements. OneNeck® IT Solutions is here to help.
Because we believe it is imperative to provide as much assurance to our customers as possible, our practices and methodologies meet various audit and certification requirements.
Leveraging best-practice frameworks (ITIL, CSC, NIST), we have developed a methodology to understand, document, train and govern our services effectively, allowing us to reasonably address our customers’ compliance needs and auditor reviews.
Compliance and Audit Deliverables
Looking for audit documentation? We can provide our customers with the following to help address their compliance obligations:
- HIPAA — We can negotiate a Business Associate Agreement (BAA) for colocation and provide a press release announcing our successful examination.
- PCI — We can provide customers with our Attestation of Compliance (AOC).
- ISO 27001 — We can provide customers a link to our certificate.
- U.S. - EU Privacy Shield — We can provide customers a link to the government website listing our certification as current.
- SOC 1 — We can provide a SOC 1 Type 2 report for Colocation, ReliaCloud®, Managed Services and ERP Management, with Management Responses.
- SOC 2 — We can provide a SOC 2 Type 2 report for Colocation, with Management Responses.
OneNeck Certification and Compliance
Adherence to any number of regulations and industry standards is a requirement for doing business in a global market. It also can be time consuming and costly to achieve. With OneNeck, you can leverage our audit-ready facilities and compliant cloud infrastructure to ensure the security and availability of your applications and data — and help meet your company’s IT compliance requirements. Contact OneNeck today to discuss your compliance needs.
- HIPAA/HITECH — OneNeck’s successful independent examination of its information security program by a CPA provides OneNeck’s healthcare customers assurance that the information security program is fairly presented and that it adopts essential elements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule of 2003 and the Health Information Technology for Economic and Clinical Health Act (HITECH).
- PCI DSS v3.2 — Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) version 3.2 as a “Level 1” service provider provides security assurance to our customers and saves them time and money when they have their own PCI DSS requirements.
- Type 2 SSAE 16 (SOC 1) — OneNeck’s successful completion of the Type 2 SSAE 16 (SOC 1) examination by a third-party CPA validates that our organizational and information technology controls related to the services audited are fairly described, suitably designed and operating effectively.
- SOC 2 Type 2 (Security & Availability Trust Principles) — OneNeck’s successful completion of the SOC 2 Type 2 examination by a third-party CPA validates that our organizational and information technology controls related to the services audited provide reasonable assurance that the applicable trust services criteria are met.
- U.S. - EU Privacy Shield — The Privacy Shield Framework provides a set of robust and enforceable protections for the personal data of EU individuals. The Framework provides transparency regarding how participating companies use personal data, strong U.S. government oversight, and increased cooperation with EU data protection authorities (DPAs).
- ISO/IEC 27001:2013 — ISO 27001 is the best-known standard specifying requirements for an information security management system (ISMS). ISO 27001 compliance reassures OneNeck’s customers that OneNeck follows requirements that prescribe a systematic approach to managing sensitive company and client information. It leverages a risk management process that takes into consideration people, processes and IT systems.