Compliance & Certifications
Adding cloud services to your portfolio is the right decision for many reasons including; but not limited to:
CAPex costs eliminated
Offload hardware lifecycle management OPex costs and challenges
Software licensing costs greatly reduced or eliminated
24x7x365 infrastructure monitoring – enhanced availability
While all of the reasons for moving to the cloud are very compelling there’s no getting around the fact that your reputation as a reliable technology services provider could be tarnished if your clients experience downtime caused by issues with the cloud server hosting facility.
We understand that your reputation is at risk, just as is ours. This is why Xterity’s Cloud Services are built on enterprise-class infrastructure and hosted in world-class datacenters from industry leaders such as Equinix and others. The combination of enterprise-class infrastructure and world-class datacenters enables us to confidently stand behind our service level agreement of 99.99% uptime.
Our cloud infrastructure is hosted in highly reliable and secure global datacenters which are continuously audited for compliance to the strictest standards including:
SSAE16 SOC-1 Type II
SSAE16 SOC-2 Type II
Detailed site specific certification information is available on request.
Xterity has partnered with Odyssey Validation Consultants’ (OVC) to provide cloud environments that can host GxP validated systems. This allows Xterity partners or their customers with applications that have requirements under Good, Clinical Laboratory and Manufacturing Practices a shortcut to the cloud. The OVC GxP services for Xterity Cloud deliver fully compliant cloud services to regulated companies in the life sciences sector and in the connected health / IoT space, ensuring data integrity in an audit ready environment. OVC has worked closely with international regulatory authorities to develop its GxP cloud offering to ensure it meets and exceeds the requirements.
OVC partners with companies to achieve regulatory compliance in a cost effective and efficient manner providing a platform for continuous improvement and works with organizations worldwide to establish and maintain best in class GxP Computerized Systems providing project management, validation and auditing services necessary to support regulated business processes.
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to establish national standards to protect individuals’ medical records and other personal health information. The HIPAA Privacy Rule was passed in 2002 to provide safeguarding specifications to protect the privacy of personal health information. The rule regulates the use and disclosure of protected health information (PHI). In addition, the HIPAA Security Rule requires covered entities to secure electronic protected health information (ePHI) through implementation of administrative, technical, and physical security controls.
Since the Privacy Rule compliance date (April 2003), the US Dept. of Health and Human Services – Office for Civil Rights (OCR) has received over 130,000 HIPAA complaints and has resolved 96% of the cases. Non-compliance can be a very costly mistake. As of April 21, 2016, the OCR reports settling 33 non-compliant cases resulting in over $33M in penalties.
Egenera constantly evaluates all security and privacy capabilities for our cloud operations using industry regulations such as HIPAA, SSAE16 and ISO27001 as a guide. While no cloud provider can instantly make your business (or your clients) HIPAA compliant, Egenera's transparency and use of published policies certainly make it easier. Egenera can help you be HIPAA compliant in the cloud faster, and with less expense. If you are faced with a HIPAA audit, we can help you meet your requirements by:
Entering into Business Associate Agreements (BAA)
Providing process documentation for our cloud operations that is HIPAA compliant
Maintaining adherence to ISO 27001 best practices that HIPAA is based on
Providing transparent access to the changes in your cloud environment
Assisting with the cloud operational aspects of an audit should it occur
GDPR / CISPE
Billed as the “most important change in data privacy regulation in 20 years,” the European Union (EU) General Data Protection Regulation (GDPR) was approved by the EU Parliament on April 14, 2016 with enforcement commencing on May 25,2018.
To provide our partners and their customers regulatory peace-of-mind, Egenera has joined the Cloud Infrastructure Services Providers Europe (CISPE) organization as a member and we’ve proactively taken the steps to ensure our Xterity Cloud Services comply with the CISPE Code of Conduct for Data Protection.
The CISPE Code of Conduct provides guidance to customers in assessing whether cloud infrastructure services are suitable for the data processing activities that the customer wishes to perform. Egenera’s declaration of adherence to the Code instills trust and confidence for customers that:
Xterity Cloud Services have met the CISPE Code of Conduct requirements
Customers can use Xterity Cloud Services to process personal data in ways that comply with applicable EU data protection law and;
Xterity has the controls in place to ensure your data is stored and processed in only the geographies you select
With cloud instances located on five continents, we strive to stay ahead of regulatory requirements so that our partners, and their customers don’t have to worry if the infrastructure they rely on is compliant. With respect to CISPE; while data governance in the cloud is a shared responsibility our partners and their customers have peace-of-mind knowing that we’re performing the role of “data processor” in a CISPE compliant manner. One critical point that some businesses may not be aware of is that the GDPR also encompasses the export of personal data outside the EU.
Egenera's Xterity is a cloud IaaS provider simpler than AWS or Azure and a excellent platform for ISV to SaaS transition. It also can be used as a cloud backup and DR provider.. For more details about what Xterity can do for you check out our feature matrix or use cases.