Secant Data Center SSAE16 SOC 1 & HIPAA Compliant

Sun., January 25, 2015

Organizations in today’s business climate face regulations including SOX, HIPAA, PCI and others in order to ensure that proper safeguards and best practices are being followed for data security and privacy. Those regulatory requirements also extend to service providers and business associates.

Secant has made the investment in the critical infrastructure, tools, services and trained personnel required to achieve regulatory compliance, which reflects our commitment to support the highest standards for business process control, data security, and privacy.

After completing rigorous compliance assessments by third party auditors, Secant is pleased to announce that our Data Center is now both HIPAA and SSAE 16 SOC I compliant.

Simply put, our data center services and solutions now conform to mandated laws or standards to meet federal and commercial regulatory compliance. These regulatory requirements map to industry best practices such as redundant power and cooling, intrusion detection, 24x7x365 monitoring and staff, backups and disaster recovery. More importantly, our standards, policies, procedures and security controls must be meticulously documented to demonstrate and validate compliance.


What is SSAE 16 SOC I data center compliance?

The Statements on Standards for Attestation Engagements (SSAE 16) and SOC I (Service Organization Controls) are attestation standards established by the AICPA to report on the controls and services provided by service organizations. Compliance with the SSAE 16 SOC I attestation standard requires Secant’s data center management to provide a written assertion about our services’ design, controls, and operational effectiveness. This statement, along with an independent auditor’s evaluation of Secant’s organization, security and change management systems constitutes SSAE 16 SOC I compliance.

What is HIPAA compliance?

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. The HIPAA Privacy Rule was updated in 2009 by the Health Information Technology for Economic and Clinical Health Act (HITECH).  The HIPAA and HITECH Acts are administered by the Department of Health and Human Services (HHS) in the Office of Civil Rights (OCR). It is the OCR which has the right to enforce, audit, fine and charge companies and individuals for violations of the Act.

Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. Secant’s Data Center is fully compliant with each of the rules and regulations outlined in the Code of Federal Regulations (CFR), parts 160 and 164.

Why are SSAE 16 SOC I and HIPAA compliance critical?

Likely your organization has its own regulatory or compliance requirements whether you realize it or not. You can be assured that Secant’s data center services and solutions have stringent security policies in place that are assessed annually by independent third party auditors. This can eliminate the need for costly and time consuming audits of your data processing systems.

We recognize that failure to comply with these regulations may result in significant ramifications. We take our business seriously and we will take your business just as seriously by executing a Business Associates agreement.  

Our policies and procedures protect the data in our data center 24 hours per day, 365 days per year. Our procedures prevent unauthorized access and, more importantly, we have tools that tell us when someone is attempting unauthorized access.


Please contact us for more information about our SSAE 16 SOC I / HIPAA compliant data center and our data center services.