Mirrored Storage is certified for all compliance-related regulations and automates virtually every aspect required or recommended by various standards bodies.

Industry Compliance

HIPAA

Healthcare Insurance Portability and Accountability Act of 1996

Physicians, other covered entities and their business associates should back up their data to an offsite and secure facility so that perils to the physical office and hardware would not substantially affect their ability to quickly resume business with an accurate and secure data set. Read more »

SOX

Sarbanes-Oxley Act of 2002

Compliance with Sarbanes-Oxley depends heavily on reports created from sensitive data, without even the appearance of impropriety in its compilation.  These reports must be generated from actual, factual data, with strict access and process safeguards all along the way and executive-authorized documentation to attest to the existence of and adherence to these safeguards. Remotely backing up the data that is crucial to the creation of these reports ensures that localized hazards such as fire, theft, or opportunistic or vindictive employees are neutralized and that the mission critical reports can be drawn from original data. Read more »

GLBA

Gramm-Leach-Bliley Act of 1999

Provisions to protect consumers’ personal financial information held by financial institutions. There are two principal parts to the privacy requirements as they relate to data management: The Financial Privacy Rule and the Safeguards Rule. Read more »

PCI

Payment Card Information

Mirrored Storage supports several areas of compliance with PCI.  These include encryption of data in transit and data at rest.  When a backing up data that includes card holder information the data is encrypted before transmission to Mirrored Storage and is kept encrypted at our sites with no one but the owner of the data has procession of the encryption keys and is the only one that can access the data.  Your data is in a facility that meets all PCI requirements for the physical and logical access. Read more »

e-CFR

Electronic Code of Federal Regulations

The Administrative Committee of the Federal Register (ACFR) has authorized the National Archives and Records Administration’s (NARA), Office of the Federal Register (OFR) and the Government Printing Office (GPO) to develop and maintain the e-CFR as an informational resource pending ACFR action to grant the e-CFR official legal status. Read more »

SSAE 16 SOC-1 Type II &
SAS 70 Type II

Physical and Logical Data Center Security Compliance

SSAE 16 is an enhancement to the current standard for Reporting on Controls at a Service Organization, the SAS70. The changes made to the standard will bring your company, and the rest of the companies in the US, up to date with new international service organization reporting standards, the ISAE 3402. The adjustments made from SAS 70 to SSAE 16 will help you and your counterparts in the US compete on an international level; allowing companies around the world to give you their business with complete confidence.

SSAE16 is now effective as of June 15, 2011, and if you have not made the necessary adjustments required, now is the time to find a quality provider to discuss the proper steps. All organizations are now required to issue their Service Auditor Reports under the SSAE 16 standards in a SOC 1 Report. Read more »