Data Canopy

Federal Information Security Management Act

FISMA 2014 codifies the Department of Homeland Security's role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies' compliance with those policies, and assisting OMB in developing those policies.

Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

Health Information Technology for Economic and Clinical Health Act

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 provides HHS with the authority to establish programs to improve health care quality, safety, and efficiency through the promotion of health IT, including electronic health records and private and secure electronic health information exchange.

Health Information Trust Alliance Common Security Framework

The HITRUST CSF certification - when attained in conjunction with the industry-specific EHNAC accreditation - demonstrates to business partners and prospects your commitment to the highest standards of data privacy and security.

International Standard for Standardization 27001

ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS).

Leadership in Energy and Environmental Design

A LEED credential denotes proficiency in today's sustainable design, construction, and operations standards.

Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard used to handle credit cards from major card brands.

Privacy Shield Framework

The Privacy Shield Principles lay out a set of requirements governing participating organizations' use and treatment of personal data received from the EU and Switzerland. By joining the Privacy Shield, participants make a commitment to comply with these Principles that is enforceable under U.S. law.

System and Organization Controls 1

System and Organization Controls 1, or SOC 1, aims to control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity's financial statements.

System and Organization Controls 1 Type 2

Report on the fairness of the presentation of management's description of the service organization's system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

System and Organization Controls 2

SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.

System and Organization Controls 2 Type 2

SOC 2 Type 2 compliance evaluates an organization's cybersecurity controls over a period of time.

System and Organization Controls 3

A report that outlines information related to a service organization's internal controls for security, availability, processing integrity, confidentiality, and privacy.

Statement on Standards for Attestation Engagements 16 Type 2

The SSAE 16 audit will result in a Service Organization Control (SOC) 2 report.

Statement on Standards for Attestation Engagements No. 18

SSAE 18 is a standard established by the AICPA that enhances the quality and consistency of service organization control reports.