Auditing and Compliance

As if IT departments don’t have enough to worry about, they must also ensure their organization is compliant with various industry and federal regulations.

This has proven to be a difficult task in today’s decentralized, mobile, app-filled world; it’s enough to give any IT department a headache. Rest assured you’re not alone in a sea of IT compliance requirements—OneNeck is here to help ease the burden.

OneNeck Approach

Customers must have solid assurance that the practices and methodologies provided by OneNeck meet the most stringent and critical auditing and compliance certification requirements. Leveraging best-practice frameworks (ITIL, CSC, NIST), we have established a proven methodology that verifies we can reasonably address nearly every compliance need or auditor review.

Compliance and Audit Deliverables

Looking for audit documentation to address IT compliance requirements? OneNeck works closely with a third-party CPA firm to validate and provide the following:

• HIPAA/HITECH—Independent examination provides healthcare customers assurance that the information security program is fairly presented and adopts essential elements of the Health Insurance Portability and Accountability Act Security Rule of 2003 (HIPAA) and the Health Insurance Technology for Economic and Clinical Health Act (HITECH).
• PCI-DSS v3.2.1—Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) version 3.2.1 as a “Level 1” service provider, delivers security assurance to customers and saves them time and money when they have to substantiate their PCI DSS requirements.
• Type 2 SSAE 18—Enforces stringent requirements regarding clarity, length and complexity of many American Institute of Certified Public Accountants (AICPA) standards. It also requires date/time stamp evidence and queries for how certain populations are generated. The examinations, by an independent, third-party certified public accounting firm, validates our organizational and information technology controls and provides reasonable assurance that the applicable trust services are met for the following:
  • SOC 1 Type 2 and SOC 2 Type 2 for colocation services
  • SOC 1 Type 2 and SOC 2 Type 2 for ReliaCloud/IaaS
  • SOC 1 Type 2 for Enterprise Application Management/Managed Services
• EU—U.S. Privacy Shield Framework—A set of robust and enforceable protections for the personal data of EU individuals, this Framework provides transparency regarding how participating companies use personal data, strong U.S. government oversight, and increased cooperation with EU data protection authorities (DPAs). Click to view the government website listing our certification as current.
• ISO/IEC 27001:2013—Reassures customers that OneNeck is following the best-known standards for an information security management system (ISMS). ISO 27001 prescribes a systematic approach to managing sensitive company and client information. It also leverages a risk management process, taking people, processes and IT systems into consideration

To request a complete copy of the above compliance reports, contact us today.

Compliance of industry-specific requirements

Adherence to any number of regulations and industry standards is a requirement for doing business in a global market. It can also be time consuming and costly to achieve. In addition, technology advancements, business and industry standards, and global politics can create what seems like an ever-changing compliance landscape. At OneNeck, we focus on maintaining the highest levels of compliance with the most widely-accepted frameworks. At the same time, we realize some organizations have specialized compliance requirements. If your business falls into this category, it is likely we can create a custom environment with specialized controls tailored specifically to meet your organization’s compliance needs.

Similarly, some organizations are required to demonstrate compliance with industry-specific frameworks. While it may appear these requirements are outside the scope of reports and attestations OneNeck complies with, the exact opposite may be true. Before exploring custom environments, contact your OneNeck SDM/Account Executive. Together, we can assess your business-specific requirements and examine any (and all) overlap with reports and attestations completed by OneNeck—that fully meet your obligations.

The bottom-line: With OneNeck, you can leverage our audit-ready facilities, compliant cloud infrastructure, and third-party reviewed reports and certifications to ensure the security and availability of your applications and data. If you have questions, or would like to discuss how current OneNeck attestations might satisfy your compliance requirements, contact us today.