We exceed high infrastructure and security standards
We meet and exceed high infrastructure and security standards and maintain PCI DSS 3.2 compliance, HIPAA/HITECH compliance and SOC 1® Type 2 & SOC 2® Type 2 reports. This streamlines the process for enterprise customers who are required to comply with industry regulations and provides additional peace of mind.
SSAE 18 SOC 1® Type 2 Report
Cavern Technologies takes compliance seriously and engages with CBIZ, a third-party auditor, to perform annual audits of its financial statements as well as internal controls. Reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 18, Reporting on Controls at a Service Organization. The reports are important elements of Cavern’s evaluation of its internal controls over financial reporting for purposes of the Sarbanes-Oxley Act as well as for external auditors as they plan and perform audits of the financial statements. Cavern’s SOC 1® Type 2 report addresses:
- Fairness of the presentation of Cavern’s description of its systems, and
- Suitability of the design and operating effectiveness of the controls in place to achieve the related control objectives included in the description throughout a specific period.
SSAE 18 SOC 2® Type 2 Report
All Kansas City data centers managed by Cavern undergo annual audits conducted by an external auditing firm to complete SOC 2® Type 2 reviews. These certifications bring extra assurance of our deep commitment to maintaining the most rigorous standards of excellence for data center operations, corporate controls, security and environmental compliance. SOC 2® reports are issued by the American Institute of Certified Public Accountants (AICPA) to service organizations who fulfill stringent requirements for management services including:
- Security – System is protected against unauthorized access (both physical and logical)
- Availability – System is available for operation and use as committed or agreed
- Processing integrity – System processing is complete, accurate, timely and authorized
- Confidentiality – Information designated as confidential is protected as committed or agreed
- Privacy – Personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants.
PCI DSS 3.2 Compliant Report
Cavern demonstrated full compliance with Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures (PCI DSS) and provides PCI DSS 3.2 reporting. This confirms that customers using Cavern’s co-location services meet industry requirements to protect customer card data. Such compliance is invaluable to retail companies and the vendors with which they do business.
HIPAA/HITECH Compliant Report
Cavern has also secured Health Insurance Portability and Accountability Act (HIPAA) compliance, demonstrating the highest standards in risk assessment, security measures and training. This assures customers that colocating with Cavern keeps patients’ electronic health information safe.