It May Not Be Sexy, But Strict Compliance Delivers The Freedom To Innovate

Compliance and Business Innovation

When the U.S. based non-profit organization RHD | Resources for Human Development decided to move its operations into the cloud, one of its top priorities was compliance. As a company that prides itself on delivering compassionate, effective and innovative services that empower people to achieve the highest level of independence possible and to build better lives for themselves, RHD understood that compliance was vital to their operations.

A large portion of RHD’s funding comes from U.S. Government health Programs. As such, compliance with the Health Insurance Portability and Accountability Act (HIPAA) was non-negotiable. HIPAA is a law designed to provide standards of protection for patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers.

After an extensive search for the right cloud provider, they selected iland, because it “provided extensive reports showing the compliance of both the cloud platform and organizational processes to HIPAA along with SOC compliance reports. This gave RHD the confidence needed. They understood from these discussions that the target failover location would still maintain their HIPAA compliance.”

Why is compliance so valuable and important?

Compliance is like insurance. It’s not the most fun thing to talk about, and it often does not feature prominently in a company’s marketing materials, but the process of making sure that a company follows the laws, regulations, and ethical practices that apply to its industry as well as any part of the globe that it touches, is essential.

When a company attains compliance, it:

  • Reduces organizational and individual risk
  • Allows employees to operate with more confidence
  • Ensures availability of more reliable data
  • Levels the playing field between operators of all sizes.

Staying in compliance helps a business realize its mission and operate with the security of knowing that the data being handled on behalf of clients or customers is safe.

Abacus Group CTO Paul Ponzeka explains, “As more and more firms move operations into the cloud, they’re facing the increasingly difficult task of maintaining governance and control over applications, workflow and data. As application vendors increase their use and development of public cloud resources, users are following them. Firms need to adapt their compliance policies to encompass this new landscape. This means adopting proper use protocols for mobile and remote devices, as well as increasing use of security controls and review systems to get more transparency of how their data is being used. Gone are the days where a policy can state, ‘if it’s behind our fence, it’s controlled.’”

The details of compliance are often hard to understand, so it is advisable to work with a certified, experienced professional. iland has an in-house team of certified compliance staff that is ready to help ensure its clients have the necessary documentation to fulfill audit requirements in the U.S. the EMEA (Europe, the Middle East and Africa), and APAC (the Asia-Pacific Region). The iland Compliance Professional Services team works hand-in-hand with customers and channel partners to help address customer compliance demands.

iland has natively integrated advanced security features into its cloud platform, ensuring compliance with industry and governmental regulations. “Achieving a CSA Gold Certification validates the active security and risk programs in place at iland that helps identify, mitigate, and monitor information security risks to the scope of our management system,” said Frank Krieger, Director of Compliance at iland.

The most common categories of compliance

  • HIPAA (Health Insurance Portability and Accountability Act): A collection of U.S. regulations that sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA compliance.
  • GDPR (General Data Protection Regulation): European Union (EU) regulation on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
  • CJIS (Criminal Justice Information Services): Requirements outlined for CJIS such as networking, remote access, encryption, certification of cryptographic modules, and minimum key lengths are all enforced for customers utilizing the CJIS services.
  • PCI-DSS: (Payment Card Industry): Security requirements are not to be taken lightly, since breaches continue to occur at an unprecedented rate. Both with internal auditors and external third-party audits, iland maintains strict adherence to PCI-DSS standards used in the housing and processing of payment card activities.

For most organizations, the prospect of trying to establish and maintain compliance can feel overwhelming, and there is no doubt it diminishes any employee’s ability to focus on the work that they were hired to do in the first place. That’s why so many companies are outsourcing their compliance needs to their cloud providers, in the understanding that those companies have procedures in place, and qualified personnel who can manage their compliance status and ensure that they stay on the right side of the law.

To find out more about how iland can help you ensure overall compliance, get in touch today with one of our expert consultants.

By Steve Prentice

Gary Bernstein
Using Data to Gain Advantages Data collection is now omnipresent in every sector of the global economy. Several aspects of modern economic activity would not be possible without it, just as it would not be ...
Bi Tools
BI Tools For Data Scientists Many data scientists prefer to use open-source framework to code scripts; after all, it’s something they already trust to work. Business intelligence tools like Qlik Sense, Power BI, or Tableau, ...
Dinesh Varadharajan
The Future with Automation Many entrepreneurs believe digital technologies will transform the way their companies work. By 2022, the worldwide hyper-automation technology market is expected to be worth $596.6 billion. And by 2055, almost half ...
Using Data Scraping to Learn What You Need to Know
Data Scraping Opportunities How can you know what you don’t know? It sounds like a rhetorical question, but it is in fact a vital component of business strategy. As much as any company or organization ...
Gary Bernstein
Most Dangerous Botnets While it’s no secret that the technical sophistication of cyber-attacks grows exponentially, adversaries often need widespread networks to make it happen. One of the ways to do that is to infect legitimate ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.