Compliance Programs and Certifications
SSAE 16 SOC 2 Certification
At Canadian Cloud Hosting, one of our core missions is to help businesses meet their SSAE 16 certification requirements, in accordance with AT 101 (formerly SAS 70), which meets the new international service organization standards for Type I and Type II reporting. Our SSAE 16 Type II SOC 2 compliant hosting practices allow organizations to achieve compliance for control objectives, and we help our customers do it for less money than it would take to adopt their own policies, infrastructure and expertise to implement the same control objectives alone. We provide a solid foundation built around SSAE 16 requirements, including physical security, data storage/security and control procedures, that enables your company to feel confident that your data is in trusted hands.

Canadian Cloud Hosting offers outsourced services, so it is crucial that we adhere to the standards set by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). The SSAE 16 Type II (formerly known as SAS 70) is a widely recognized auditing standard developed by the AICPA and signifies that a service organization has gone through an in-depth examination of its control objectives and control activities, especially those relating to its information technology.
SSAE 16 Compliant Web Hosting and Security Features:
- SSL capability
- Enterprise-level, application level protection
- Hardware/Software firewall
- IP-Restricted FTP
- Managed backups with guaranteed retention
- Advanced 24/7 monitoring
- Multi-level intrusion prevention (IPS/IDS)
- Anti-Spam, Anti-Malware, Anti-Virus
- Log Management
ISO 27002
Canadian Cloud Hosting has implemented ISO 27002, which is the standard for information security controls published by the International Organization for Standardization (ISO). ISO establishes the policies and procedures for information security management in our organization, including the best practices of control objectives and controls in the following areas:
- Security policy
- Organization of information security
- Asset management
- Physical and environmental security
- Communications and operations management
- Access controls
- Information systems acquisition, development, and maintenance
- Information security incident management
- Compliance
Canadian Cloud Hosting has developed and executed standard organization security measures and effective security management practices. Therefore, our clients can trust that their business and governance requirements are met.

PIPEDA
Any organization that collects personal information from individuals must adhere to policy and regulation set by PIPEDA (Personal Information Protection and Electronic Documents Act). Canadian Cloud Hosting is 100% compliant with PIPEDA privacy and security rules. The mandatory provisions of the protection of personal information consist of the following:
- Knowledge and consent must be obtained from the individual prior to the collection of personal information
- Collect personal information only under reasonable
- Limit use and disclosure of personal information
- Limit access to personal information
- Ensure accuracy and completeness of stored personal information
- Designate the role of the Privacy Officer
- Provide policies and procedures for any privacy breach
- Deliver measures for resolution of complaints
- Special rules for employment relationships

PHIPA
Canadian Cloud Hosting is fully compliant with PHIPA (Personal Health Information Protection Act), Ontario legislation established in 2004 that sets the rules for the collection, use, and disclosure of personal health information. As part of PHIPA compliance, information stored and user consent are given to the healthcare provider that obtains and maintains the data, not the hosting provider. Canadian Cloud Hosting fulfills the requirements indicated by the Information and Privacy Commissioner of Ontario and ensures the following:
- A notification of any privacy breach is sent to the custodian immediately
- A plain language description of our services is provided
- An audit trail feature is prepared to track our database use
- A written risk assessment of the system
- Our own written privacy policies
