Compliance

We meet and exceed high infrastructure and security standards and maintain PCI DSS 3.2, HIPAA/HITECH and SSAE 18 SOC 1 Type II & SOC 2 Type II. This streamlines the process for enterprise customers who are required to comply with industry regulations and provides additional peace of mind.

SSAE 18 SOC 1 Type 2 Report

Cavern Technologies takes compliance seriously and engages with CBIZ, a third-party auditor, to perform annual audits of its financial statements as well as internal controls. Reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 18, Reporting on Controls at a Service Organization. The reports are important elements of Cavern’s evaluation of its internal controls over financial reporting for purposes of the Sarbanes-Oxley Act as well as for external auditors as they plan and perform audits of the financial statements. Cavern is SOC 1 Type 2 Certified, which reports on the:

  • Fairness of the presentation of Cavern’s description of its systems, and
  • Suitability of the design and operating effectiveness of the controls in place to achieve the related control objectives included in the description throughout a specific period.

SOC 1 Type 2 and SOC 2 Type 2 Certified

SSAE 18 SOC 2 Type 2 Report

All Kansas City data centers managed by Cavern undergo annual audits conducted by an external auditing firm to complete SOC 2 Type 2 reviews. These certifications bring extra assurance of our deep commitment to maintaining the most rigorous standards of excellence for data center operations, corporate controls, security and environmental compliance. SOC 2 certifications are issued by the American Institute of Certified Public Accountants (AICPA) to service organizations that fulfill stringent requirements for management services, including:

  • Security – System is protected against unauthorized access (both physical and logical)
  • Availability – System is available for operation and use as committed or agreed
  • Processing integrity – System processing is complete, accurate, timely and authorized
  • Confidentiality – Information designated as confidential is protected as committed or agreed
  • Privacy – Personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants.

PCI DSS 3.2 Compliant Report

Cavern demonstrated full compliance with Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures (PCI DSS) and now holds PCI DSS 3.2 certification. This confirms that customers using Cavern’s co-location services meet industry requirements to protect customer card data. Such compliance is invaluable to retail companies and the vendors with which they do business.

HIPAA/HITECH Compliant Report

Cavern also secured Health Insurance Portability and Accountability Act (HIPAA) compliance, demonstrating the highest standards in risk assessment, security measures and training. This certification assures customers that co-locating with Cavern keeps patients’ electronic health information safe.

Cavern excels at compliance. Schedule a tour or contact us today to learn more.