Administrative Security

Administrative security includes our independent annual audits, hiring policies, staff training, and back office processes that protect sensitive data. Just as important as the physical and technical security of your data environment, administrative security addresses the business-facing concerns of partnering with a third-party hosting provider.

If you collect, store or process credit cardholder data, you are required to meet PCI DSS compliance. With PCI, you are required to ensure third-party/service providers that may have an impact on the security of the cardholder data environment are able to meet compliance standards.

If you collect, store or process patient health data, you are required to meet HIPAA compliance. With HIPAA, you are required to comply with the Administrative Safeguards within the HIPAA Security Standards that apply to:

(i) The size, complexity, and capabilities of the covered entity.
(ii) The covered entity's technical infrastructure, hardware, and software security capabilities.
(iii) The costs of security measures.
(iv) The probability and criticality of potential risks to ePHI.

We can provide the administrative security you need in the form of contractual requirements, staff training and documented policies, procedures, and independent audit reports to lower your organization's risk of outsourcing your IT infrastructure needs to a trusted hosting provider.

 

Audits and Reports
Data center and hosting providers should maintain reports on compliance (ROC) in order to clarify which requirements they cover, and which requirements your company needs to fulfill. Online Tech provides copies of our audit reports for SSAE 16, SAS 70, SOC 1, SOC 2, HIPAA and PCI compliance.

Policies
Online Tech’s documented policies and procedures reflect our protocol in the event of a data breach in order to provide your company visibility into our notification timeline. Additionally, documentation can outline other important security standards, from how data is handled after service termination to password policies.

Staff Training
Documented policies and procedures are only effective if employees are made aware of them and trained on them on a regular basis. The mishandling and misuse of sensitive data can potentially lead to a data breach. Check the last dates of employee training, and inquire about hiring policies to ensure that your data is in safe hands.

Business Associate Training
As your HIPAA hosting provider, we are trained on how to specifically handle ePHI (electronic protected health information). Part of your due diligence as a covered entity includes vetting your third-party service providers and ensuring they are trained on how to prevent a data breach. Additionally, we offer to sign and provide a business associate agreement with every healthcare client.
