Medical Datalytics takes the security of PHI very seriously. That is why our platform is hosted by one of the largest hosting companies in the U.S., Ntirety (Hosting.com), which is a SOC 1, SOC 2 and SOC 3 audited hosting organization.
Any data received by Medical Datalytics is promptly encrypted while residing on our platform. Our platform is HIPAA/HITECH compliant, utilizing Compliance Helper consulting and monitoring services.
SOC – Service Organization Control Reports
Hosting.com has completed both the SOC 2 and SOC 3 audits. Through the assistance of the independent auditing firm of Mountjoy Chilton Medley, Hosting.com completed these audits to ensure the most rigorous requirements and internal controls in our cloud, dedicated and colocation hosting along with our data center operations practices. The SOC 2 and SOC 3 audit results are available for all Hosting.com data centers excluding Dallas. Throughout 2012, Dallas will be adopting the existing controls to prepare for the 2012 year end audit.
Why SOC?
Like many other service organizations, Hosting.com previously completed a yearly SAS 70 audit. However, the SAS 70, while designed for service organizations, was never truly designed for the data center and hosting environment for which it became the de facto standard in recent years. As a result, the American Institute of Certified Public Accountants (AICPA) developed a new reporting framework that replaced SAS 70 in June of 2011. The SSAE-16 and SOC framework is a new benchmark for service organizations.
Three different reports were developed to address the various needs of service organizations previously using the SAS 70:
SOC 1
The Statement on Standards for Attestation Engagements No. 16 (SSAE-16) Reporting on Controls at a Service Organization was drafted with the intention of updating US service organization reporting standards to mirror the new international service organization reporting standard (ISAE 3402).
The SOC 1 is most appropriate for organizations that provide financial services and wish to demonstrate compliance with internal financial reporting controls. Generally, this applies to companies required to meet regulatory financial reporting requirements such as Sarbanes-Oxley (SOX). As Hosting.com is a privately held company that does not provide financial services, the SOC 1 audit is not presently applicable to the services we provide.
SOC 1 vs. SOC 2 and SOC 3
In contrast to the SOC 1 audit, where criteria are self-defined by the service organization, the SOC 2 and SOC 3 audit reports are more stringent, assuring the reader that identical criteria were used to evaluate disparate data centers. SOC 2 and SOC 3 reports include pre-defined control criteria based on the Trust Service Principles of security, availability, processing integrity, confidentiality, and/or privacy. Both the SOC 2 and SOC 3 reports use the AT Section 101 standard instead of SSAE 16.
SOC 2
The Hosting.com SOC 2 is a Type II report, which reports on the suitability of design and effectiveness of the controls evaluated. As the SOC 2 contains specific control data, it is considered confidential and is provided only under NDA. Most companies will not require this level of information unless they have a security questionnaire to complete or are also completing a SOC audit where Hosting.com controls would overlap.
SOC 3
While the SOC 2 is a confidential report, the SOC 3 report is publicly available. The SOC 3 report contains:
• The auditor’s letter and summary opinion on the effectiveness of data center controls
• A management attestation letter
• A system description of the services provided and under the scope of the audit
What this means for Ntirety.com
We embrace the SOC standard as a testament to our commitment for one of the largest production workloads in North America – the Hosting.com Leading Enterprise-class Cloud Platform. Our Always On™ design framework necessitates the highest standards for data center operations. The SOC 3: SysTrust for Service Organizations seal proudly validates this achievement.
What this means for our customers
Completing a SOC audit assures our customers, partners, suppliers, and regulators that Hosting.com is committed to excellence in quality and compliance for data center operations. Hosting.com can provide our customers and prospective clients a copy of the SOC 3 audit report to verify our controls meet or exceed their cloud, dedicated and colocation hosting needs. As these audits are performed by independent auditors, any potential bias is removed from the reports.
The results of our audit are hosted publicly in the SOC 3 report which may be accessed by clicking on the SOC seal below. Upon clicking the seal you will be taken to an outside page which hosts our SOC 3 audit report and further explains the Trust Service Principles we were audited against. As the SOC 3 is a public report, you are encouraged to share this with your auditors and customers as needed.
Copyright © 2008-2021 Medical Datalytics LLC - All Rights Reserved.