What Compliance means to our Customers


In today's business market, service organizations are looking for a partner who can help them deploy IT infrastructure services and have the necessary controls and measures that comply with their local and corporate requirements. We achieve this by building a solid foundation around SSAE 16 requirements including physical security, data storage/security and control procedures that enable your company to feel confident that your data is in trusted hands. As a result, customers who have hosting services with us including dedicated servers, virtual private servers, public cloud servers, cloud computing, cloud storage and/or shared hosting can feel confident that they are in a secure, reliable and managed environment that has the proper controls for internet operations and highly available IT services.


Here are some examples of Aegisys compliance controls and physical security that our hosting environment supplements:


  • Facility and asset management
  • Logical access and access control
  • Network and information security
  • Computer operations
  • Backup and recovery
  • Change and incident management
  • Organizational and administrative controls
  • Security policies, reporting, and monitoring
  • Physical and logical security 

SSAE 16 Security Features


Aegisys helps you achieve compliance by providing:


  • SSL capability, Managed Encryption
  • Enterprise-level, application level protection
  • Hardware/Software firewall
  • IP-Restricted FTP & Aegisys FileCloud Alternative
  • Managed backups with guaranteed retention
  • Advanced 24/7 monitoring, Automatic LIVE Response
  • Multi-level intrusion prevention (IPS/IDS/HIDS/NIDS)
  • Anti-Spam, Anti-Malware, Anti-Virus, Vulnerability Scans
  • Log Management, Hacker Checks

Remember: Picking a Cloud Provider that has Compliance doesn't grant you Compliance. You need to gain that on your own. IF your Provider Co-Locates equipment within someone else's data center, that doesn't grant them OR you Compliance. You BOTH will need to gain that on your own. 


Aegisys OWNS our networks in our HOSTING facilities. Let us help you meet your individual Compliance requirements. 

Compliance Policy Management


Aegisys policy reports help ensure both Aegisys and client device configurations conform to both internal business practices and federal regulations, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and Computer Inventory of Survey Plans (CISP).


Risk Intelligence


Knowing where sensitive data is kept is step one of moving toward compliance. Try the Aegisys Risk Intelligence, which helps you locate sensitive data, even in hard-to-find persistent storage, so you can properly protect and secure that data against potential breaches.

Aegisys Standards

ISO 27002


Critical to our ongoing business improvements, Aegisys has implemented ISO 27002 established guidelines and principles for security management in our organization including designated best practices of control objectives and controls in the following areas of information security management:


  • security policy
  • organization of information security
  • asset management
  • physical and environmental security
  • communications and operations management
  • access controls
  • information systems acquisition, development and maintenance
  • information security incident management
  • business continuity management
  • compliance


As a company, we have developed and implemented organizational security standards and effective security management practices, and can give our clients reassurance that their business and governance requirements can be met.

COBIT


Aegisys utilizes the Control Objectives for Information and related Technology (COBIT) framework for its information technology management. COBIT is an industry-leading IT framework for the governance and management of enterprise IT and represents a critical component of Aegisys’s compliance program, including the ability for clients to work directly with certified staff to help build out and meet their specific IT requirements. The COBIT framework is focused on several distinct topic areas that help meet specific compliance and governance criteria. These areas include:


  • Audit and Assurance for managing vulnerabilities and ensuring compliance
  • Risk Management for evaluating and optimizing enterprise risk
  • Information Security to oversee and manage information security
  • Regulatory and Compliance to help us (and our clients) stay ahead of rapidly changing regulations
  • Governance of Enterprise IT that ensures alignment of IT goals and strategic business objectives.

PHIPA


Aegisys is fully compliant with PIPEDA (The Personal Information Protection and Electronic Documents Act) and helps companies meet the mandatory provisions for the protection of personal information. These provisions include, but are not limited to, the following:


  • Consent must be garnered for collection of personal information
  • Collection of personal information limited to reasonable purposes
  • Limits use and disclosure of personal information
  • Limits access to personal information
  • Stored personal information must be accurate and complete
  • Designates the role of the Privacy Officer
  • Policies and procedures for breaches of privacy
  • Measures for resolution of complaints
  • Special rules for employment relationships

PIPEDA


Aegisys is fully compliant with PIPEDA (The Personal Information Protection and Electronic Documents Act) and helps companies meet the mandatory provisions for the protection of personal information. These provisions include, but are not limited to, the following:


  • Consent must be garnered for collection of personal information
  • Collection of personal information limited to reasonable purposes
  • Limits use and disclosure of personal information
  • Limits access to personal information
  • Stored personal information must be accurate and complete
  • Designates the role of the Privacy Officer
  • Policies and procedures for breaches of privacy
  • Measures for resolution of complaints
  • Special rules for employment relationships

HIPAA


Aegisys is fully compliant with HIPAA. The main goal of HIPAA was to protect the privacy of patients and their protected health information (PHI), whether electronic, written, or oral. These provisions include, but are not limited to, the following:


  • Data Privacy: Those working with health records must take appropriate steps to keep protected health information (PHI) private and also must comply with the law’s limits on the use and disclosure of PHI.
  • Data Security: Anyone working with health records must put administrative, physical, and technical measures in place to ensure the confidentiality, integrity, and security of PHI.


Aegisys Services such as our On-Premise Filecloud, and all services delivered via our new dashboard, are fully HIPAA compliant.

PCI DSS Version 3.2

Aegisys conforms to the PCI Attestation of Compliance for Onsite Assessments Service Providers Version 3.2.