HIPAA Document

SSAE 16 SOC 2 Type 2 Certification for Giva's Cloud Help Desk Software

SSAE 16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for defining how data centers report on compliance controls.


  • Technology: Enterprise and service provider class technology from Dell, Cisco, F5, VMware, EMC, Netapp, Tripwire, Trustwave, Microsoft and Red Hat.
  • People: Skilled HIPAA-certified engineers available 24/7/365.
  • Process: All processes are validated against a rigorous set of controls by an independent team of CPA auditors. The annual SSAE 16 SOC 2 Type 2 compliance report is issued and shared with all Giva customers upon request.

The SOC 2 framework is a comprehensive set of criteria known as the Trust Services Principles, composed of the following five sections:

  • Security of a service organization's system.
  • Availability of a service organization's system.
  • Processing integrity of a service organization's system.
  • Confidentiality of the information that the service organization's system processes or maintains for user entities.
  • Privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities.

It is important to be aware of the differences between a Type 1 and Type 2 SSAE 16 report.

The Type 1 SSAE certification performed for many data centers uses the following criteria:

  1. The description of the service organization's system was designed and implemented as of only a single specified report date which is typically 12/31/xx.
  2. The control objectives stated in the description were suitably designed to achieve compliance as of only a single specified report date which is typically 12/31/xx.

In other words, a Type 1 report is just a snapshot in time at a particular date which is typically 12/31/xx.

In sharp contrast, the Type 2 SSAE certification performed for Giva's data centers uses the following criteria, which are more rigorous, harder to pass, and a higher overall standard:

  1. The description of the service organization's system was designed and implemented over the period of examination which is typically a one year period such as 1/1/xx – 12/31/xx.
  2. The control objectives stated in the description were suitably designed to achieve compliance over the period of examination which is typically a one year period such as 1/1/xx – 12/31/xx.

Datacenter Specifications

  • Power
    • Direct connection to power grid at 13.2 kV
    • 2N electrical design
    • Dual Redundant UPS / Battery Strings
    • Automatic Transfer Switch
    • 750 kW back-up generator
    • 2,300 gallons of fuel onsite
    • Enough capacity for up to 7 days
  • Cooling
    • n+1 Design
    • Redundant CRAC Cooling
    • Temperature of 70 degrees F / 50% humidity
    • Hot Aisle/Cold Aisle Design
    • Redundant Glycol Pumps
  • Fire
    • Dry-piped pre-action fire protection system
    • FM200 Gas Fire Suppression System
  • Connectivity
    • 3 Tier 1 Network Carriers
    • 30 Gbps Bandwidth
    • 4 Fiber Paths
    • 2N Network Design