We care about compliance and deliver through these industry standards and regulations.
You owe it to yourself to find a company like SUURV that cares about securing your data and looks for the best ways to keep it safe!
SUURV currently focuses on meeting the compliance requirements of the following primary industry standards.
The Service Organization Control (SOC) reporting standard has been established by the American Institute of Certified Public Accountants (AICPA). SUURV currently utilizes the SOC 2 reporting standard. SOC 2 reports are based on a third-party attestation of compliance with the AICPA Trust Service Principles (TSPs) relevant to security, availability, confidentiality, privacy, and processing integrity.
ISO 27001 certification demonstrates a systematic approach towards managing the information security risks that affect the confidentiality, integrity, and availability of the service and of customer information. ISO 27001 certification also commits SUURV to providing transparency into its security controls and practices. ISO 27001 is of particular importance outside the United States.
The Federal Risk and Authorization Management Program (FedRAMP) is a collection of standards established by the U.S. Federal Government for security assessment, authorization, and continuous monitoring for cloud solutions. FedRAMP is mandatory for certain federal agencies. FedRAMP certification determines which cloud solutions can be purchased and deployed by federal agencies and their contractors.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle payment card information, such as credit card numbers. PCI DSS certification increases control around cardholder data management. Being a PCI DSS compliant service provider enables SUURV to help customers meet PCI requirements for the safe handling of personally identifiable data associated with a cardholder.
SUURV develops services that help our customers comply with their regulatory obligations. Customers are ultimately responsible for ensuring that their services are configured and secured in a manner that complies with their legal obligations.
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to safeguard their customers' personal data. A "GLBA-Ready" SUURV service means that the service can be used in a way that enables the customer to help meet its GLBA obligations related to the use of service providers.
The Health Insurance Portability and Accountability Act (HIPAA) is legislation that governs the use of electronic medical records and includes provisions to protect the security and privacy of personally identifiable health-related data called protected health information (PHI). By law, healthcare providers and insurance companies that have any sensitive PHI can only use products that are HIPAA-compliant. Certain SUURV services can be configured to be used in a way that supports HIPAA compliance by a customer that is a "covered entity" under HIPAA and signs SUURV's Business Associate Agreement (BAA).
The Code of Federal Regulation, Title 21, Part 11: Electronic Records; Electronic Signatures (21 CFR Part 11) establishes the U.S. Food and Drug Administration (FDA) regulations on electronic records and electronic signatures. Being 21 CFR Part 11 compliant means that SUURV Technology services can be configured to be used in a way that allows pharmaceutical customers who engage with the FDA to comply with the 21 CFR Part 11 regulations.
The U.S. Family Educational Rights and Privacy Act (FERPA) is designed to preserve the confidentiality of U.S. student education records and directory information. Under FERPA guidelines, SUURV can contractually agree to act as a "school official" when handling regulated student data, and therefore to enable our education customers to comply with FERPA requirements.
Please call us when you're ready to focus on compliance! (877) 247-8324