Compliance Programs and Certifications
AT 101 SOC 2 and SOC 3 Certification
In today's business market, service organizations are looking for a partner who can help them deploy IT infrastructure services and who has the necessary controls and measures to comply with their local and corporate requirements. One of Canadian Web Hosting's core missions is to help businesses meet their SSAE 16 certification requirements in accordance with AT 101 (formerly the SAS70 and CSAE 3416 Type II), which meets the new international service organization standards for Type I and Type II reporting.
We achieve this by building a solid foundation around SSAE 16 requirements including physical security, data storage/security and control procedures that enable your company to feel confident that your data is in trusted hands. As a result, customers who have web hosting services with us including dedicated servers, virtual servers (VPS), cloud servers, cloud computing, cloud storage and/or shared hosting can feel confident that they are in a secure, reliable and effective environment that has the proper controls for internet operations and highly available IT services.
The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) issues the SSAE 16 Type II (formerly SAS 70) to service organizations that typically offer outsourced services. An auditor's report details a service provider's ability to offer adequate controls and safeguards when they host or process data belonging to their customers.
Download Canadian Web Hosting’s SOC 3 report, or contact us at firstname.lastname@example.org for our SOC 2 report.
Critical to our ongoing business improvements, Canadian Web Hosting has implemented the established ISO 27002 guidelines and principles for security management in our organization, including designated best practices of control objectives and controls in the following areas of information security management:
- security policy
- organization of information security
- asset management
- physical and environmental security
- communications and operations management
- access controls
- information systems acquisition, development and maintenance
- information security incident management
- business continuity management
As a company, we have developed and implemented standard organizational security standards and effective security management practices, and can give our clients reassurance that their business and governance requirements can be met.
Canadian Web Hosting is fully compliant with PIPEDA (The Personal Information Protection and Electronic Documents Act) and helps companies meet the mandatory provisions for the protection of personal information. These provisions include, but are not limited to, the following:
- Consent must be garnered for collection of personal information
- Collection of personal information limited to reasonable purposes
- Limits use and disclosure of personal information
- Limits access to personal information
- Stored personal information must be accurate and complete
- Designates the role of the Privacy Officer
- Policies and procedures for breaches of privacy
- Measures for resolution of complaints
- Special rules for employment relationships
Canadian Web Hosting is 100% PHIPA (Personal Health Information Protection Act) compliant. PHIPA is comparable to HIPAA (Health Insurance Portability and Accountability Act) and is often considered the Canadian equivalent. Customers should note that as part of PHIPA compliance, information stored and user consent are given to the healthcare provider that obtains and maintains the data, not the hosting provider. Canadian Web Hosting is 100% Canadian owned and operated and all servers and infrastructure are located in Canada.
As the IT service/hosting provider, Canadian Web Hosting fulfills the requirements indicated by the Information and Privacy Commissioner of Ontario (www.ipc.on.ca). We ensure the following:
- Send a notification of any privacy breach to the custodian as soon as possible
- Provide a plain language description of our services
- Prepare an audit trail feature to track the use of our database
- Have written risk assessment of the system
- Have our own written privacy policies
Canadian Web Hosting (CWH) utilizes the Control Objectives for Information and related Technology (COBIT5) framework for their information technology management. COBIT5 is an industry leading IT framework for the governance and management of enterprise IT and represents a critical component of CWH’s compliance program, including the ability for clients to work directly with certified staff to help build out and meet their specific IT requirements. The COBIT5 framework is focused on several distinct topic areas that help meet specific compliance and governance criteria. These areas include:
- Audit and Assurance for managing vulnerabilities and ensuring compliance
- Risk Management for evaluating and optimizing enterprise risk
- Information Security to oversee and manage information security
- Regulatory and Compliance to help us (and our clients) stay ahead of rapidly changing regulations
- Governance of Enterprise IT that ensures alignment of IT goals and strategic business objectives
What This Means for Our Customers
Customers can now outsource web-hosting services including Dedicated Servers, virtual servers (VPS), CA Cloud Servers and/or Shared Hosting to a provider that already meets SSAE 16 requirements. In doing so, you can focus your company's time, money, and manpower on core functions that will drive additional revenue to your business. Here are some examples of Canadian Web Hosting's SSAE 16 compliance controls and physical security that our hosting environment supplements:
- Facilities and asset management
- Logical access and access control
- Network and information security
- Computer operations
- Backup and recovery
- Change and incident management
- Organizational and administrative controls
- Security policies, reporting, and monitoring
- Physical and logical security
SSAE 16 Compliant Web Hosting and Security Features:
Canadian Web Hosting is the industry leader in delivering 100% Canadian web hosting solutions for businesses requiring an SSAE 16 certification with their web hosting environment. When combined with our enterprise-grade web hosting hardware and a secure hosting environment that features many leading technologies including our Unified Security Services, Canadian Web Hosting will help you achieve compliance.
- SSL capability
- Enterprise-level, application-level protection
- Hardware/Software firewall
- IP-Restricted FTP
- Managed backups with guaranteed retention
- Advanced 24/7 monitoring
- Multi-level intrusion prevention (IPS/IDS)
- Anti-Spam, Anti-Malware, Anti-Virus
- Log Management