Compliance

CloudWave Achieves SOC 1 Type 2 and SOC 2 Type 2 Compliance

Grazed from CloudWave

CloudWave, an IT infrastructure, cloud services, and technology consulting services provider for healthcare organizations, has successfully completed Service Organization Controls (SOC) 1 Type 2 and SOC 2 Type 2 examinations, performed by Assure Professional - a leading cybersecurity, assurance and compliance solutions provider. CloudWave's financial transaction processing system is both SOC 1 Type 2 and SOC 2 Type 2 compliant, in accordance with the attestation standards established by the American Institute of Certified Public Accountants (AICPA).

"We have had the opportunity to work with CloudWave for the past several years in evaluating their control environment as it relates to adherence to the SOC examination standard as published by the AICPA. Once again CloudWave has demonstrated their commitment to Security and Availability in their service offerings," said Juan Vargas, Assure Professional Senior IT Security Auditor.

SoftwareONE Launches Security for Microsoft 365

Grazed from SoftwareONE

SoftwareONE, a leading software and cloud portfolio management provider, announced that it has launched Security for Microsoft 365, a new managed service that enhances the security of Microsoft 365 environments as well as manages and protects users, devices, applications and information from advanced security threats. In a mobile-first, cloud-first world, the attack surface has expanded past the traditional IT perimeter and enterprises need to manage identities, protect devices, govern and manage Shadow IT, and make sure sensitive information is safeguarded.

Security for Microsoft 365 is powered by Microsoft 365 and includes Microsoft Enterprise Mobility + Security to help enterprises stay ahead of advanced security threats as employees become more mobile and cloud services are adopted across the organization. SoftwareONE plans, configures, implements and supports the solution to meet customer business requirements. Microsoft 365 provides security capabilities including identity management, mobile device management, endpoint protection, advanced threat protection and cloud application security. Security for Microsoft 365 will help enterprises prioritize and deploy the capabilities taking into account business, security and compliance requirements.

Alibaba Cloud Becomes the First Cloud Computing Company to Obtain C5 Attestation with Additional Requirements

Grazed from Alibaba Cloud

Alibaba Cloud, the cloud computing arm of the Alibaba Group, announced today that it had completed its assessment for the Cloud Computing Compliance Controls Catalogue (C5) set out by the Federal Office for Information Security in Germany, also known as Bundesamt für Sicherheit in der Informationstechnik (BSI). Alibaba Cloud is the world's first cloud provider to achieve this attestation with the additional requirements. The attestation covers Elastic Compute Service ("ECS"), Relational Database Service ("RDS"), Object Storage Service ("OSS"), Content Delivery Network ("CDN"), Server Load Balancer ("SLB"), Virtual Private Cloud ("VPC") and Alibaba Cloud Security available on Alibaba Cloud's regions in Singapore and Germany.

Alibaba Cloud's commitment to applying the highest levels of compliance in controls and security is shown by meeting the C5 standard that serves not only as a benchmark for the German market, but also increasingly as a benchmark for institutions across Europe. With the attestation, customers in German states can leverage the work performed under this BSI audit to comply with stringent local requirements and operate secure workloads using Alibaba Cloud services.

C5 is intended primarily for professional cloud service providers, their auditors and customers of the cloud service providers. It has 17 distinct control requirements, for which cloud providers must either comply or meet defined minimum standards. It is a required assessment for working with the public sector in Germany and is being increasingly adopted by the private sector. The philosophy behind C5 is to unify the currently fragmented certification of cloud provisions that are measured against no agreed standards and possess no coherent oversight.

Chef Announces New Compliance and Application Automation Capabilities for AWS

Grazed from Chef

Chef, the leader in Continuous Automation, today announced new capabilities designed to further accelerate enterprise adoption of Amazon Web Services (AWS) by addressing users' compliance and containerized application lifecycle control concerns. Building on AWS OpsWorks for Chef Automate announced in 2016, new functionality includes Chef Automate with integrated compliance.

"As enterprises accelerate their migration to the cloud, working with DevOps leaders like Chef is crucial," said Scott Wiltamuth, Vice President of AWS Dev and Management Tools, Amazon Web Services, Inc. "Chef is providing valuable on-ramps for enterprise customers who are migrating workloads from on-premises data centers to AWS. We are pleased to see Chef's compliance-as-code capabilities as part of AWS OpsWorks for Chef Automate."

"When AWS launched OpsWorks with Chef Automate we immediately jumped on that," said Eric Schneider, CTO of Verisk. "It is one less component that we had to worry about. The experts at Chef and AWS are worrying about it for us, and that allows us to focus on what is important for us and our customers."

Atlantic.Net Talks Cloud Hosting, HIPAA and HITECH Compliance

Grazed from VMblog.com



If your company is in the market for a Cloud Hosting, Managed Hosting, Dedicated Hosting, or HIPAA-Compliant Hosting provider, you may have already come across Atlantic.Net. I recently sat down with the company's VP of Marketing, Adnan Raja, and asked him some questions about the company and their services.

VMblog: Tell us a little bit about Atlantic.Net and its history.

Adnan Raja: Atlantic.Net was founded in 1994 by Marty Puranik as an ISP. Under Marty's leadership, Atlantic.Net has led the way in changing and adapting to new technologies, consistently introducing new services and solutions. Atlantic.Net is now a market leading cloud hosting provider, specializing in on-demand, private, and hybrid cloud hosting solutions. We operate our own SSAE 16 SOC 1 SOC 2 datacenter facilities, with presence in six international data centers.

WSM Announces Penetration Testing and Mitigation Services, plus Compliance Testing for Credit Card Processing

Grazed from WSM International

WSM International, a specialized cloud and IT integrator, introduces two new services to ensure cloud and IT infrastructure security, compliance and efficient operation:

  • Penetration testing services to assess IT security vulnerabilities and help protect data;
  • Payment Card Industry Data Security Standard (PCI DSS) compliance testing service.

Both services address the top security concerns found in the recent user survey by 451 Research: preventing infiltration of enterprise IT systems by those with malicious intent; and complying with security standards. 

CareCloud Announces SSAE 16 SOC 1 Cloud Security Compliance

Grazed from CareCloud

CareCloud, the platform for high-performing medical groups, today announced that it has successfully completed its first Statement on Standards for Attestation Engagements (SSAE) No. 16 Service Organization Control (SOC) 1 report. This voluntary attestation allows medical groups and their auditors to quickly verify that CareCloud has the proper internal controls and processes needed to ensure the highest quality and security of services provided.

"Our clients depend on us to deliver a quality, secure information technology infrastructure to support their financial, administrative, and care delivery processes," said Ken Comée, CEO of CareCloud. "With this independent audit, we're giving them the external validation they need for their financial statements while reinforcing the steps we take every day to protect the integrity and security of their data."

OCR Issues Guidance on HIPAA and Cloud Computing

Grazed from JDSupra. Author: Editorial Staff.

On October 7, 2016, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), released a guidance document (the “Guidance”) on the HIPAA-compliant use of cloud computing technologies. The Guidance includes “frequently asked” questions and answers for covered entities and business associates who use cloud products and services.

The Guidance focuses on cloud computing services provided by third-party cloud services providers (“CSPs”). The Guidance notes that “CSPs generally offer online access to shared computing resources with varying levels of functionality depending on users’ requirements.” ...

Cloud Computing: When Compliance Comes Down to Security

Grazed from CloudComputingExpo. Author: Fouad Khalil.

In the business world, it's hard to throw a rock without hitting a compliance requirement. All must be obeyed, but some call for a high level of control and auditability. Governing bodies are exerting their authority like never before, increasing the number of auditors and handing out heavy fines - sometimes as much as $1 million. This has become the new norm, and it isn't likely to turn around any time soon. It's important, then, to be aware of the primary threats that could undermine compliance efforts. The top three such issues are discussed below.

The Challenges of SOX

Public companies in the U.S. as well as foreign companies listed on U.S. exchanges are required by Sarbanes-Oxley (SOX) to assess their internal controls, have that assessment validated by an external auditor and report the assessment to the SEC. Information security professionals need to ensure that their organization complies with the requirements in Section 302 and Section 404 of the legislation...

Read more from the source @ http://www.cloudcomputingexpo.com/node/3900000

ISO Compliance in the Cloud - why should you care?

Grazed from CCI. Author: Editorial Staff.

Issues around mobility and multi-tenancy, identity and access management, data protection and incident response and assessment all need to be addressed. And with multiple modes – SaaS, PaaS, IaaS, public, private, hybrid – creating added complexity in how security and compliance are carried out and by whom, this can lead IT leaders to think twice about leveraging cloud...

Organisations already in the process of implementing ISO 27001 to audit and report on the state of controls within their environment will know the immense amount of work required. However, while addressing compliance in the cloud is undoubtedly tough, it doesn’t have to be an obstacle...