Virtacore maintains a number of important certification and compliance initiatives, both as a company and specific to the Virtacore cloud and co-location environments. Virtacore is currently SSAE 16 Type II SOC 1 and SOC 2 accredited, as well as PCI DSS compliant and Health Insurance Portability and Accountability Act (HIPAA) ready. Customers delivering applications through Virtacore’s infrastructure take advantage of these certifications to ensure compliance with their own internal controls and regulatory requirements.
SSAE 16 Type II SOC 1 and SOC 2
SSAE 16 Type II SOC 1 and SOC 2 compliance differentiates Virtacore from its peers by demonstrating our achievement of a defined set of effectively designed control objectives that are relevant to the cloud services industry and, in the case of a Type II report, that such controls have been operating effectively over a period of time. All reports are backed by an opinion issued by an independent CPA firm.
SSAE 16 Type II SOC 1 and SOC 2 reports ensure that all Virtacore clients and their auditors have access to the same information, thereby effectively replacing the need for Virtacore to be subject to multiple audits from clients or their audit firms. This accreditation allows Virtacore and our clients to recognize significant business process efficiencies, while also ensuring a solid control environment and continuous adherence to ever higher regulatory standards and best practices by implementing recommendations from the service auditor.
The SSAE audit process takes 4 months and 110 hours from start to finish, requiring collaboration between the independent CPA firm and Virtacore’s expert team. The CPA firm performs rigorous tests of Virtacore’s controls and security, including the following:
- Control Environment: Integrity and Ethics, Commitment to Competence
- Management’s Philosophy and Operating Style, Organizational Structure and Assignment of Authority and Responsibility, and Human Resource Policies and Practice
- Physical and Environmental Security
- Computer Operations – Backup, Storage, System Maintenance, and Uptime
- Information Security
- Data Communications
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is a proprietary information security standard for organizations handling cardholder information for major credit card, debit card and related payment transactions. PCI DSS provides an actionable framework for developing a robust payment card data security process – including prevention, detection and appropriate reaction to security and credit card fraud incidents.
Virtacore’s infrastructure environment is fully PCI-compliant and validated annually. Required control objectives include:
- Building and Maintaining a Secure Network (including a firewall configuration)
- Protecting Cardholder Data (via encrypted transmission over open networks)
- Maintaining a Vulnerability Management Program (secure systems, anti-virus and related protections)
- Implementing Strong Access Control Measures (restricted physical and logical access with unique ID)
- Regularly Monitoring and Testing Networks (track and monitor access to network resources and data)
- Maintaining an Information Security Policy