Administrative Security

Administrative security includes our independent annual audits, hiring policies, staff training, and back-office processes that protect sensitive data. Equally important as ensuring the physical and technical security of your data environment, administrative security addresses the business-facing concerns of partnering with a third-party hosting provider.

If you collect, store or process credit cardholder data, you are required to meet PCI DSS compliance. With PCI, you are required to ensure third-party/service providers that may have an impact on the security of the cardholder data environment are able to meet compliance standards.

If you collect, store, or process patient health data, you are required to meet HIPAA compliance. With HIPAA, you are required to comply with the administrative safeguards within the HIPAA Security Standards that apply to:

  • The size, complexity, and capabilities of the covered entity
  • The covered entity's technical infrastructure, hardware, and software security capabilities
  • The costs of security measures
  • The probability and criticality of potential risks to ePHI

We can provide the administrative security you need in the form of contractual requirements and staff training as well as documented policies, procedures, and independent audit reports to lower your organization's risk of outsourcing its IT infrastructure needs.


Audits and Reports
Data center and hosting providers should maintain reports on compliance (ROC) in order to clarify which requirements they cover and which requirements your company needs to fulfill. We provide copies of our audit reports for SSAE 16, SAS 70, SOC 1, SOC 2, HIPAA and PCI compliance.


Our documented policies and procedures reflect our protocol in the event of a data breach in order to provide your company visibility into our notification timeline. Additionally, documentation can outline other important security standards, from how data is handled after service termination to password policies.


Staff Training
Documented policies and procedures are only effective if employees are regularly made aware of their existence and trained on them. The mishandling and misuse of sensitive data can potentially lead to a data breach. Check the last dates of employee training, and inquire about hiring policies to ensure your data is in safe hands.


Business Associate Training
As your HIPAA hosting provider, we are trained on how to specifically handle ePHI. Additionally, we offer to sign and provide a business associate agreement with every healthcare client. Part of your due diligence as a covered entity includes vetting your third-party service providers and ensuring they are trained on how to prevent a data breach.

Get started now. Exceptional service awaits.