Organizations in a wide range of sectors face an ever-increasing array of industry and government regulations surrounding their IT infrastructures and processes. Financial services firms, for example, must comply with Gramm-Leach-Bliley Act (GLBA) rules governing the protection of consumer financial information from foreseeable threats in security and data integrity. Healthcare organizations must take steps to safeguard sensitive patient data under the Health Insurance Portability and Accountability Act (HIPAA) as well as other rules. And any company that processes credit card payments is subject to the Payment Card Industry (PCI) Data Security Standard (DSS).

These rules can present a quandary to organizations wanting to outsource some or all of their IT infrastructure. It’s one thing to secure your own data internally. How can you ensure that your hosting provider measures up?

FusionStorm has resolved this dilemma for customers through Statement on Auditing Standards (SAS) 70 Certification. Developed by the American Institute of Certified Public Accountants (AICPA), SAS 70 is a widely recognized auditing standard that ensures customers that a service provider has been through an in-depth audit of its processes and controls.

“This is one of the most widely acknowledged certifications applied to hosting companies,” said FusionStorm CTO Vince Conroy. “It’s an officially titled report on transaction processing, IT infrastructure hosting and other services performed on an outsourced basis, including managed hosting providers like FusionStorm. It is not a ‘technical’ standard — it defines the financial and security controls that a hosting provider must have in place. It ensures customers that our processes are auditable according to the standards defined by the AICPA.”

The Service Auditor’s Report, prepared in accordance with SAS 70 guidelines, allows a service organization to effectively communicate information about its controls. This helps a customer’s independent auditors properly plan the audit and evaluate control risks in order to meet the requirements of Section 404 of the Sarbanes-Oxley Act.

“What that means to customers is that FusionStorm has made significant investments to ensure that our services meet these standards,” said Conroy. “Whether you’re required through legislation to outsource to a SAS 70-certified company, or simply want to ensure that auditable controls are in place, FusionStorm gives you respected, third-party recognition that our managed hosting services are reliable and secure.”

SAS 70 Certification is only one step that FusionStorm has taken to meet the demanding requirements of enterprise customers. As part of its SAS 70 Certification, FusionStorm has adopted an Information Technology Infrastructure Library (ITIL) framework for change control and IT operational processes. FusionStorm also offers hosting services that meet PCI standards.

In today's global economy, service providers must demonstrate that they have adequate controls and safeguards when they host or process customer data. FusionStorm has taken its world-class managed hosting services to the next level by incorporating key standards and processes into its best practices.