
Compliance in the Cloud

Posted by Jessica Adams on Feb 25, 2015 4:30:00 AM

Moving to the cloud is simple with the most compliant and secure cloud solution in the industry.

Whitehat has established its data encryption, protocols, and procedures to follow the major compliance standards and to ensure that our customers' data remains secure and confidential.

Whitehat complies with the standards and regulations set forth in the respective industries. Whitehat has not undergone auditing by an outside source; however, we run our own internal audits to ensure we are compliant. We are so confident in our compliance that we sign a business associate agreement when requested by customers.

Health Insurance Portability and Accountability Act (HIPAA)

What it covers: Enacted in 1996, HIPAA is intended to improve the efficiency and effectiveness of the health care system. As such, it requires the adoption of national standards for electronic health care transactions and code sets, as well as unique health identifiers for providers, health insurance plans and employers.

Recognizing that electronic technology could erode the privacy of health information, the law also incorporates provisions for guarding the security and privacy of personal health information. It does this by enforcing national standards to protect:

  • Individually identifiable health information, known as the Privacy Rule.

  • The confidentiality, integrity and availability of electronic protected health information, known as the Security Rule.

Sarbanes-Oxley Act (Sarbox or SOX)

What Sarbanes-Oxley covers: Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s. It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements defining audit requirements and the records businesses should store and for how long.

Who is affected: U.S. public company boards, management and public accounting firms.

Payment Card Industry Data Security Standard (PCI DSS)

What it covers: The PCI DSS is a set of requirements for enhancing the security of payment card account data. It was developed by the founders of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, to help facilitate global adoption of consistent data security measures. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

Who is affected: Retailers, credit card companies, anyone handling credit card data.

Statement on Standards for Attestation Engagements (SSAE)

What it covers: Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in January 2010. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 and became effective on June 15, 2011.

Who is affected: Payroll Processing, Loan Servicing, Data Center/Co-Location/Network Monitoring Services, Software as a Service (SaaS), Medical Claims Processors
