The Statement on Standards for Attestation Engagements No. 18 (SSAE 18) is a set of standards developed specifically for certified public accountants (CPAs) to evaluate an entity’s internal controls and the impact a service organization may have on the entity’s control environment. This is particularly important as auditors attempt to accurately audit a company’s financial statements.
The SSAE 18 standards were put in place by the American Institute of Certified Public Accountants (AICPA) and serve as the authoritative guide for in-depth audits of a third-party service organization such as Racksquared Data Center. SSAE 18 is a relatively new set of standards published in January 2018 to supersede SAS 70, the original guidelines for performing an examination of a service organization's controls and processes.
Businesses rely on SSAE 18 and SOC 2 audits and reports to build trust and confidence in their service provider’s ability to design, operate and control the environments on which their business depends. Additionally, SSAE 18 and SOC 2 audits may assist an entity in complying with the Sarbanes-Oxley Act or a similar law or regulation.
Racksquared has completed the SSAE 18 SOC 2 certification.
For questions and other information, please contact:
Jason Hardy (jasonhardy@racksquared.com)
You may also visit our website at www.racksquared.com
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle credit card information and transactions from the major brands including Visa, MasterCard, American Express, Discover, and JCB. The PCI standard was created to increase controls around cardholder data in order to reduce credit card fraud resulting from its exposure, and it requires validation of ongoing compliance to be performed annually. PCI certification is critical for web-based businesses to safely process on-line payments in business-to-consumer and business-to-business transactions, including e-commerce, content providers such as on-line video and music services, cloud and managed service providers, and others.
PCI compliant data centers require physical, network and data security. Physical security means access to server racks, suites and cages should be limited to authorized personnel. Environmental controls should include 24×7 monitoring, logged surveillance, and multiple alarm systems. Dual-identification access control may include the use of both a security badge and a code to gain access to restricted areas.
Racksquared is currently PCI DSS 3.0 certified and is working on completing the PCI DSS 3.2 audit for 2022.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
The U.S. Department of Health and Human Services (HHS) published the HIPAA Privacy Rule in December 2000, which was later modified in August 2002. This Rule set national standards for the protection of individually identifiable health information. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans).
HHS published the HIPAA Security Rule in February 2003. The Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. Compliance with the Security Rule was required as of April 20, 2005 (April 20, 2006 for small health plans).
The Office for Civil Rights (OCR) administers and enforces the Privacy Rule and the Security Rule. Other HIPAA Administrative Simplification Rules are administered and enforced by the Centers for Medicare & Medicaid Services.
The Enforcement Rule provides standards for the enforcement of all the Administrative Simplification Rules.
All of the HIPAA Administrative Simplification Rules are located at 45 CFR Parts 160, 162, and 164. The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164.
View the combined regulation text of all HIPAA Administrative Simplification Regulations found at 45 CFR 160, 162, and 164.
At Racksquared, our staff members are constantly investing in themselves to improve the operations of the company. Our staff has earned VCP certifications from VMware, CCNA and CCNP from Cisco, and AIX certification from IBM, just to name a few.