Compliance and Business Innovation

When the U.S. based non-profit organization RHD | Resources for Human Development decided to move its operations into the cloud, one of its top priorities was compliance. As a company that prides itself on delivering compassionate, effective and innovative services that empower people to achieve the highest level of independence possible and to build better lives for themselves, RHD understood that compliance was vital to their operations.

A large portion of RHD’s funding comes from U.S. Government health Programs. As such, compliance with the Health Insurance Portability and Accountability Act (HIPAA) was non-negotiable. HIPAA is a law designed to provide standards of protection for patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers.

After an extensive search for the right cloud provider, they selected iland, because it “provided extensive reports showing the compliance of both the cloud platform and organizational processes to HIPAA along with SOC compliance reports. This gave RHD the confidence needed. They understood from these discussions that the target failover location would still maintain their HIPAA compliance.”

Why is compliance so valuable and important?

Compliance is like insurance. It’s not the most fun thing to talk about, and it often does not feature prominently in a company’s marketing materials, but the process of making sure that a company follows the laws, regulations, and ethical practices that apply to its industry as well as any part of the globe that it touches, is essential.

When a company attains compliance, it:

• Reduces organizational and individual risk
• Allows employees to operate with more confidence
• Ensures availability of more reliable data
• Levels the playing field between operators of all sizes.

Staying in compliance helps a business realize its mission and operate with the security of knowing that the data being handled on behalf of clients or customers is safe.

Abacus Group CTO Paul Ponzeka explains, “As more and more firms move operations into the cloud, they’re facing the increasingly difficult task of maintaining governance and control over applications, workflow and data. As application vendors increase their use and development of public cloud resources, users are following them. Firms need to adapt their compliance policies to encompass this new landscape. This means adopting proper use protocols for mobile and remote devices, as well as increasing use of security controls and review systems to get more transparency of how their data is being used. Gone are the days where a policy can state, ‘if it’s behind our fence, it’s controlled.’”

The details of compliance are often hard to understand, so it is advisable to work with a certified, experienced professional. iland has an in-house team of certified compliance staff that is ready to help ensure its clients have the necessary documentation to fulfill audit requirements in the U.S. the EMEA (Europe, the Middle East and Africa), and APAC (the Asia-Pacific Region). The iland Compliance Professional Services team works hand-in-hand with customers and channel partners to help address customer compliance demands.

iland has natively integrated advanced security features into its cloud platform, ensuring compliance with industry and governmental regulations. “Achieving a CSA Gold Certification validates the active security and risk programs in place at iland that helps identify, mitigate, and monitor information security risks to the scope of our management system,” said Frank Krieger, Director of Compliance at iland.

The most common categories of compliance

• HIPAA (Health Insurance Portability and Accountability Act): A collection of U.S. regulations that sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA compliance.
• GDPR (General Data Protection Regulation): European Union (EU) regulation on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
• CJIS (Criminal Justice Information Services): Requirements outlined for CJIS such as networking, remote access, encryption, certification of cryptographic modules, and minimum key lengths are all enforced for customers utilizing the CJIS services.
• PCI-DSS: (Payment Card Industry): Security requirements are not to be taken lightly, since breaches continue to occur at an unprecedented rate. Both with internal auditors and external third-party audits, iland maintains strict adherence to PCI-DSS standards used in the housing and processing of payment card activities.

For most organizations, the prospect of trying to establish and maintain compliance can feel overwhelming, and there is no doubt it diminishes any employee’s ability to focus on the work that they were hired to do in the first place. That’s why so many companies are outsourcing their compliance needs to their cloud providers, in the understanding that those companies have procedures in place, and qualified personnel who can manage their compliance status and ensure that they stay on the right side of the law.

To find out more about how iland can help you ensure overall compliance, get in touch today with one of our expert consultants.

By Steve Prentice