SiteHost is able to provide Compliance Services in order to protect the needs of your business. We have experience with industry-leading compliance frameworks and are willing to work with your assurance team to provide certainty that we can deliver services compliant with your security controls requirements.
Below is a summary of industry-leading compliance schemes. Contact our team if you would like more information.
PCI DSS Compliance
Companies that accept Visa and Mastercard are required to follow PCI DSS (Payment Card Industry Data Security Standard). This standard helps businesses process the information from customers' payment cards securely.
CSA Security Trust Assurance and Risk (STAR)
CSA stands for Cloud Security Alliance and is the industry's most powerful program for security assurance in the cloud. This certification confirms that the company is using best practices in relation to its security management. It focuses on principles such as having transparent services, thorough auditing and minimizing conflicts between standards.
General Data Protection Regulation (GDPR)
The European Union's new General Data Protection Regulation (GDPR) came into force in May 2018. This regulation provides greater protection for customer information, as well as for the movement of personal data.
SOC 2 (Service and Organization Controls)
This report focuses on the non-financial reporting controls of a business and is related to security, availability, processing integrity, confidentiality and the privacy of a system. The reporting of these controls follows the requirements from Trust Service Criteria, which helps evaluate whether the design and operating effectiveness of the controls is sustainable.
NZISM (New Zealand Information Security Manual)
The New Zealand Government’s manual on information assurance and information systems security provides technical and security guidelines for government departments and agencies. This manual aims to help government and agencies understand the value and risk of their data being placed in the cloud.
AS/NZS ISO/IEC 27002
This is a standard that provides security controls companies can implement in accordance with the particular security risks they face. It also serves as implementation guidance for ISO 27001, helping companies meet that standard's requirements. The information security controls that companies are encouraged to adopt within their information security management systems under ISO 27001 are derived from and aligned with ISO 27002.
This standard has been approved by the Telecommunications Industry Association (TIA) and the American National Standards Institute (ANSI). It outlines guidelines and requirements that data centres should implement so that their infrastructure can support growth and change. The standard also defines different rating levels, also known as tier levels. Depending on which rating level's requirements a data centre satisfies, it has either single or redundant capacity components and distribution paths serving the computer equipment.
If you have any specific compliance requirements - either under the above or any other compliance or assurance framework - please contact us to discuss these requirements in detail so we can provide you with the right services.
Be aware that different locations or services could require different compliance states.