365 Data Centers has announced that all 17 of the company's data centers are compliant with the relevant sections of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and conform to the Statement on Standards for Attestation Engagements (SSAE) No. 16 SOC 1 Type 2, Reporting on Controls at a Service Organization. A-lign CPAs, an independent accounting and auditing firm, performed the audits and confirmed 365's compliance with the HIPAA and SSAE 16 standards. The compliance reports provide the assurance that 365 Data Centers' services are suitable for highly regulated businesses and applications that require high security, control and data privacy.
A-lign administered the HIPAA assessment regarding 365 Data Centers' compliance with HIPAA's Security Rule for administrative and physical safeguards, procedures, organizational safety measures, and policy and procedure and documentation requirements. The scope of the audit included all of 365 Data Centers' 17 U.S.-based colocation facilities, which were also found to meet the breach reporting requirements of the Health Information Technology for Economic and Clinical Health Act ("HITECH").
The auditing firm also conducted a SSAE 16 SOC 1 Type 2 examination of the systems and controls in place to meet the attestation standards established by the American Institute of Certified Public Accountants (AICPA). SSAE 16 is designated by the U.S. Securities and Exchange Commission (SEC) as an acceptable method for a user entity's management to obtain assurance about a company's internal controls without conducting additional assessments. The requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SSAE 16 reports important to the process of reporting on effective internal controls by public companies.
"Our customers rely on 365 Data Centers to make their lives easier. Our compliant services will help our customers reduce the expense and effort associated with their own audits and compliance," said John Scanlon, CEO, 365 Data Centers. "Our ability to comply with such tough standards as the HIPAA Security Rule, HITECH and SSAE 16 across 100% of our facilities are a testament to the high standards set by our operations team."
"Our team is pleased to have audited 365 Data Centers to ensure they comply with relevant sections of HIPAA Security Rule and Type 2 SSAE 16 controls and requirements," stated Scott G. Price, CPA/CISA/CIA, managing director, A-lign. "365 Data Center's documented procedures, systems and track record of operations allowed A-lign to perform the audit efficiently.
Copies of the SSAE 16 audit report, HIPAA audit report and the company's HIPAA Business Associate Agreement (BAA) are available upon request.