As the technology leader of an enterprise business, the last thing you want to face is headlines about a data breach on your watch. That’s why at Cavern Technologies we proudly meet and exceed high infrastructure and security standards and maintain SSAE 18 SOC 2® Type 2 & SOC 1® Type 2, HIPAA/HITECH and PCI DSS 3.2 data center compliance. This streamlines the onboarding and auditing process for companies that are required to comply with industry regulations (and offers you additional peace of mind).
SSAE 18 SOC 2® Type 2 Report
This report demonstrates Cavern’s deep commitment to maintaining the most rigorous standards of excellence for data center operations, corporate controls, security and environmental compliance. SOC 2® reports are issued by the American Institute of Certified Public Accountants (AICPA) to service organizations who fulfill stringent requirements for management services including:
- Security – System is protected against unauthorized access (both physical and logical).
- Availability – System is available for operation and use as committed or agreed.
- Processing Integrity – System processing is complete, accurate, timely and authorized.
- Confidentiality – Information designated as confidential is protected as committed or agreed.
- Privacy – Personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria outlined in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants.
SSAE 18 SOC 1® Type 2 Report
Cavern is maintains SOC 1® Type 2 compliance. We engage a third-party auditor to perform annual reviews of our financial statements and internal controls. Reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 18, Reporting on Controls at a Service Organization. We consider these reports critical elements in our ongoing evaluation of our operational effectiveness as well as financial reporting for purposes of the Sarbanes-Oxley Act.
HIPAA/HITECH Compliant Report
We have also secured Health Insurance Portability and Accountability Act (HIPAA) compliance, demonstrating the highest standards in risk assessment, security measures and training. This report assures our colocation customers in healthcare and related industries that their patients’ electronic health information is safe.
PCI DSS 3.2 Compliant Report
Cavern is in full compliance with Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures (PCI DSS) and provides a PCI DSS 3.2 compliance report. This confirms that customers using Cavern’s colocation data center services meet industry requirements to protect customer card data. This compliance is invaluable to retail companies and their vendors.
If you’re part of a heavily regulated industry, reach out and let us help you evaluate your hybrid IT or colocation data center strategy.
We’re happy to give you a tour of our facilities or walk you through options that meet your security and compliance needs.