MULTACOM DATA CENTER COMPLIANCE OVERVIEW
MULTACOM SOC2 Type 2
Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
These reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. These reports are performed using the AICPA Guide: Reporting on Controls at a Service Organizations Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its internal controls. These reports can form an important part of stakeholders:
- Oversight of the organization
- Vendor management program
- Internal corporate governance and risk management processes
- Regulatory oversight
SOC2 Trust Service Principles examination includes:
- Organization and management
- Risk management and implementation of controls
- Monitoring of controls
- Logical and physical access controls
- System operations, and
- Change management
The Trust Service Principles of SOC 2 are modeled around four broad areas: Policies, Communications, Procedures, and Monitoring. Each of the principles have defined criteria (controls) which must be met to demonstrate adherence to the principles and produce an opinion by auditor.
What is SOC 2 Type 2 Reports?
Service Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how MULTACOM achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand MULTACOM’s controls established to support operations and compliance.
Type 2 report has an audit period and provides evidence of how MULTACOM operated its controls of a period of time. Initial report is issued for previous period of 6 months and subsequent reports are issued annually covering a 12 month period since the previous report was issued.
Who performs the independent third-party audit of MULTACOM for the SOC Reports?
BrightLine CPAs & Associates, Inc. a leading provider of attestation and compliance services is the only company in the world that is a CPA firm, a globally licensed PCI Qualified Security Assessor, an ISO Certification Body and a FedRAMP 3PAO.
How do I request copy of MULTACOM’s SOC 2 Report?
You can request MULTACOM’s SOC 2 report by contacting firstname.lastname@example.org or by using the online request form.
To ensure consistent standards for merchants, the Payment Card Industry Security Standards Council established Payment Card Industry (PCI) data security standards. These standards incorporate best practices to protect cardholder data, and they often require validation from a third-party Qualified Service Assessor (QSA). We help our customers meet their PCI compliance needs by providing an Attestation on Compliance from an independent QSA. The Attestation on Compliance can be used in conjunction with our SOC 2 report demonstrate that the infrastructure meets the PCI controls. Customers and their auditors can use our reports to verify the PCI controls that are MULTACOM’s responsibility are met.
For more information about and assistance to achieve, certify, and maintain PCI compliance for your environment, please contact our sales team.
The U.S. Health Insurance Portability and Accountability Act requires specific security controls for businesses that store or process protected health information online. MULTACOM Data centers meet all of the necessary requirements for HIPAA on the data center/service provider side.
For more information about and assistance to achieve, certify, and maintain HIPAA compliance for your environment, please contact our sales team.
*The scope of reports and statements made above relate to MULTACOM’s data centers and does not apply to shared hosting platform or any software managed by client. Shared hosting by nature is a shared environment that may not meet your required security standards. If you have any questions please contact our sales department.