Trusting the security of your data and applications to a hosting provider means you need to do your due diligence to ensure they can provide a secure, compliant environment that meets national compliance standards.
One way to determine this is by reviewing a copy of their Report on Compliance (ROC), whether it is for PCI, HIPAA or SOC 2. Online Tech provides copies of our independent audit reports under a non-disclosure agreement (NDA) to give you insight into our scope of compliance.
To meet PCI DSS compliance, the PCI Security Standards Council mandates that you must:
For those entities that outsource storage, processing or transmission of cardholder data to third-party service providers, the Report on Compliance (ROC) must document the role of each service provider, clearly identifying which requirements apply to the assessed entity and which apply to the service provider.
When reviewing a HIPAA Report on Compliance (HROC), only partner with a business associate that has invested in an independent HIPAA audit and can provide a copy of its audit report. Online Tech’s HIPAA audit report shows our 100% compliance against the latest OCR HIPAA Audit Protocol guidelines, which include requirements from the HIPAA Security Rule, Privacy Rule and Breach Notification Rule. While any provider can be independently audited, a HIPAA hosting provider audited against the same standards used by the federal governing body of HIPAA ensures it is operating at the highest level of security.
An independent auditor’s report not only gives you assurance that your data and applications are in safe hands, it also provides a valuable assessment of which requirements and standards your hosting provider’s environment and security services can fulfill. It gives you accurate insight into what your company still needs to cover.
No third party or hosting provider can sell your company compliance. No matter how compliant they may be, your company still needs to assess its own policies, procedures and staff training.
Find out more about what each data center audit means in our Data Center Standards Cheat Sheet - From HIPAA to SOC 2.