AICPA SOC 2 Type II Compliance
Xfernet is audited annually by a third party for Service Organization Controls (SOC) 2 Type II compliance. The resulting report evaluates the security, availability, confidentiality, privacy, and processing integrity of Xfernet’s products and services, including Xfernet’s ActiveGrid Cloud Services, Colocation and Dedicated Server solutions.
Meeting stringent SOC 2 audit criteria is part of our ongoing commitment to operating an environment where customers can feel confident that the necessary security frameworks are in place to help protect their data. The SOC 2 Trust Services Principles were developed by the American Institute of Certified Public Accountants (AICPA) specifically for evaluating service providers. Security is an integral part of every Xfernet product and service. We want to go above and beyond regulatory requirements, and that’s why we decided to undertake the rigorous scrutiny of a SOC 2 audit.
SOC 2 reports are restricted-use reports intended for existing customers, prospective customers and internal use only. They are not to be distributed publicly. Please contact our sales team to request a copy of the document.
HIPAA Compliance
Xfernet has achieved compliance under the strict U.S. Health Insurance Portability and Accountability Act (HIPAA) guidelines for physical security by third-party audit, enabling covered entities and their business associates to leverage Xfernet’s secure environment to process, maintain, and store protected health information.
Our annual HIPAA Compliance Assessment Report is available to current customers and prospects. Please contact our sales team to request a copy of the document.
PCI-DSS Compliance
Xfernet has been found by third-party assessment to be compliant under the rigorous standards of the Payment Card Industry (PCI) Data Security Standard (DSS) Level 1. Customers can run applications on our PCI-compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud. In February 2013, the PCI Security Standards Council released PCI DSS Cloud Computing Guidelines.
A Report on Compliance (RoC) is available for current and potential customers. Please contact our sales team to request a copy of the document.
CompTIA Managed Services Trustmark
The CompTIA Managed Services Trustmark is a vendor-neutral, business-level credential, designed to qualify and differentiate organizations providing remote IT services via a managed service business model. This credential identifies the MSPs that demonstrate a commitment to providing managed services in a competent manner and strive toward industry best practices. It serves as a reference to the quality of the services these companies provide and the commitment they make to their clients. To receive the CompTIA Managed Services Trustmark, an IT service organization must agree to a code of conduct, provide customer references, and submit an application covering a detailed list of criteria.
CompTIA Security Trustmark+
The CompTIA Security Trustmark+ is a vendor-neutral, business-level credential, designed to qualify and differentiate organizations that provide exceptional data and network protection services. This designation identifies IT services companies that demonstrate a commitment to industry-recognized security standards and adhere to prescribed compliance measures. Each CompTIA Security Trustmark+ holder organization has undergone an extensive practice review, including an examination of its methodologies and management policies with a third-party auditor. This process authenticates a service provider’s ability to prevent data breaches and IT security intrusions in their clients’ networks and systems, as well as their own business. Organizations at this level have earned the highest Security Trustmark available.