Compliance in the Cloud
Cloud computing offers numerous advantages over storing data locally in an office, much of these revolve around regulatory compliance, business continuity and disaster recovery.
Our solutions have achieved compliance across all 54 HIPAA citations as well as the complete set of 136 audited components when audited by an independent Certified HIPAA Professional (CHP) and Certified Health Security Specialist (CHSS), ATMP Solutions.
For specifics concerning HIPAA & HiTech law please see the Health and Human Services website.
Our datacenters are recognized as PCI-DSS compliant. Documentation provided upon request
Utilizing Tier 3 & 4 data centers. Data centers are chosen not only for network peering but also for physical security and redundancy options. eTegrity only uses data center vendors with ISO 27001 certification for physical security. Access must be restricted and controlled typically with proximity card and/or biometrics.
Staff Change Control and Access Monitoring
In order to monitor access to systems, all engineers provided with access to potentially sensitive information have passed a data competency check. All staff members have references checked and have also signed an encompassing Non-Disclosure Agreement preventing the disclosure of any sensitive materials in our domain. Access to systems and data is only by experienced engineering staff that has been granted access by Director Level. Staff members are aware their access in and out of systems is monitored.
Security Policies and Procedures
An information system security policy is a well-defined and documented set of guidelines that describes how an organization manages and protects its information assets, and how it makes future decisions about its information system security infrastructure.
Security procedures document precisely how to accomplish a specific task. For example, a policy may specify that virus checking software is updated on a daily basis, and a procedure will state exactly how this is to be done -- a list of steps.