
Compliance & Certifications
Datacenter Certifications
Adding cloud services to your portfolio is the right decision for many reasons, including but not limited to:
- CapEx costs eliminated
- Hardware lifecycle management OpEx costs and challenges offloaded
- Software licensing costs greatly reduced or eliminated
- 24x7x365 infrastructure monitoring – enhanced availability
While all of the reasons for moving to the cloud are very compelling, there’s no getting around the fact that your reputation as a reliable technology services provider could be tarnished if your clients experience downtime caused by issues with the cloud server hosting facility.
We understand that your reputation is at risk, just as ours is. This is why Xterity’s Cloud Services are built on enterprise-class infrastructure and hosted in world-class datacenters from industry leaders such as Equinix and others. The combination of enterprise-class infrastructure and world-class datacenters enables us to confidently stand behind our service level agreement of 99.99% uptime.
Our cloud infrastructure is hosted in highly reliable and secure global datacenters, which are continuously audited for compliance with the strictest standards, including:
- ISO 27001
- ISO 9001
- SSAE16 SOC-1 Type II
- SSAE16 SOC-2 Type II
Detailed site-specific certification information is available on request.
HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to establish national standards to protect individuals’ medical records and other personal health information. The HIPAA Privacy Rule was passed in 2002 to provide safeguarding specifications to protect the privacy of personal health information. The rule regulates the use and disclosure of protected health information (PHI). In addition, the HIPAA Security Rule requires covered entities to secure electronic protected health information (ePHI) through implementation of administrative, technical, and physical security controls.
Since the Privacy Rule compliance date (April 2003), the US Dept. of Health and Human Services – Office for Civil Rights (OCR) has received over 130,000 HIPAA complaints and has resolved 96% of the cases. Non-compliance can be a very costly mistake. As of April 21, 2016, the OCR reports settling 33 non-compliant cases resulting in over $33M in penalties.
Egenera constantly evaluates all security and privacy capabilities for our cloud operations using industry regulations such as HIPAA, SSAE16 and ISO27001 as a guide. While no cloud provider can instantly make your business (or your clients) HIPAA compliant, Egenera's transparency and use of published policies certainly make it easier. Egenera can help you be HIPAA compliant in the cloud faster, and with less expense. If you are faced with a HIPAA audit, we can help you meet your requirements by:
- Entering into Business Associate Agreements (BAA)
- Providing process documentation for our cloud operations that is HIPAA compliant
- Maintaining adherence to ISO 27001 best practices that HIPAA is based on
- Providing transparent access to the changes in your cloud environment
- Assisting with the cloud operational aspects of an audit should it occur
Other vertical compliance
Xterity works with a number of partners to provide other compliance offerings that are solution or industry specific, such as PCI, GxP or FedRAMP. Partners that work with the Xterity cloud to provide these sorts of cloud environments can easily host new solutions for customers that have those compliance requirements, faster and at a lower cost, due to the controls in place within the Xterity cloud.
GDPR
Billed as the “most important change in data privacy regulation in 20 years,” the European Union (EU) General Data Protection Regulation (GDPR) was approved by the EU Parliament on April 14, 2016, with enforcement commencing on May 25, 2018.
To provide our partners and their customers regulatory peace-of-mind, Egenera has collaborated with organizations such as the Cloud Infrastructure Services Providers Europe (CISPE) to proactively take the steps to ensure our Xterity Cloud Services comply with a rigorous Code of Conduct for Data Protection. Egenera’s strict adherence to these controls provides customers confidence that:
- Customers can use Xterity Cloud Services to process personal data in ways that comply with applicable EU data protection law
- Xterity personnel have no access to customer servers
- Xterity offers drag-and-drop services such as encryption and VPNs to ensure your data is protected even from Egenera support staff
- Xterity has the controls in place to ensure your data is stored and processed in only the geographies you select
With cloud instances located on five continents, we strive to stay ahead of regulatory requirements so that our partners and their customers don’t have to worry about whether the infrastructure they rely on is compliant. While data governance in the cloud is a shared responsibility, our partners and their customers have peace-of-mind knowing that we’re performing the role of “data processor”, even to the point that, as a US-based company, we provide our partners detailed control over the export of personal data outside of the EU, a GDPR restriction not every company is aware of.
Additional CISPE Data Protection Code of Conduct for Cloud Infrastructure Service Providers information can be found at: https://cispe.cloud/code-of-conduct/
Egenera's Xterity is a cloud IaaS provider simpler than AWS or Azure and an excellent platform for ISV-to-SaaS transition. It can also be used as a cloud backup and DR provider. For more details about what Xterity can do for you, check out our feature matrix.