It May Not Be Sexy, But Strict Compliance Delivers The Freedom To Innovate

Compliance and Business Innovation

When the U.S.-based non-profit organization RHD | Resources for Human Development decided to move its operations into the cloud, one of its top priorities was compliance. As a company that prides itself on delivering compassionate, effective and innovative services that empower people to achieve the highest level of independence possible and to build better lives for themselves, RHD understood that compliance was vital to its operations.

A large portion of RHD’s funding comes from U.S. Government health programs. As such, compliance with the Health Insurance Portability and Accountability Act (HIPAA) was non-negotiable. HIPAA is a law designed to provide standards of protection for patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers.

After an extensive search for the right cloud provider, they selected iland, because it “provided extensive reports showing the compliance of both the cloud platform and organizational processes to HIPAA along with SOC compliance reports. This gave RHD the confidence needed. They understood from these discussions that the target failover location would still maintain their HIPAA compliance.”

Why is compliance so valuable and important?

Compliance is like insurance. It’s not the most fun thing to talk about, and it often does not feature prominently in a company’s marketing materials, but the process of making sure that a company follows the laws, regulations, and ethical practices that apply to its industry as well as any part of the globe that it touches, is essential.

When a company attains compliance, it:

  • Reduces organizational and individual risk
  • Allows employees to operate with more confidence
  • Ensures availability of more reliable data
  • Levels the playing field between operators of all sizes.

Staying in compliance helps a business realize its mission and operate with the security of knowing that the data being handled on behalf of clients or customers is safe.

Abacus Group CTO Paul Ponzeka explains, “As more and more firms move operations into the cloud, they’re facing the increasingly difficult task of maintaining governance and control over applications, workflow and data. As application vendors increase their use and development of public cloud resources, users are following them. Firms need to adapt their compliance policies to encompass this new landscape. This means adopting proper use protocols for mobile and remote devices, as well as increasing use of security controls and review systems to get more transparency of how their data is being used. Gone are the days where a policy can state, ‘if it’s behind our fence, it’s controlled.’”

The details of compliance are often hard to understand, so it is advisable to work with a certified, experienced professional. iland has an in-house team of certified compliance staff that is ready to help ensure its clients have the necessary documentation to fulfill audit requirements in the U.S., EMEA (Europe, the Middle East and Africa), and APAC (the Asia-Pacific region). The iland Compliance Professional Services team works hand-in-hand with customers and channel partners to help address customer compliance demands.

iland has natively integrated advanced security features into its cloud platform, ensuring compliance with industry and governmental regulations. “Achieving a CSA Gold Certification validates the active security and risk programs in place at iland that help identify, mitigate, and monitor information security risks to the scope of our management system,” said Frank Krieger, Director of Compliance at iland.

The most common categories of compliance

  • HIPAA (Health Insurance Portability and Accountability Act): A collection of U.S. regulations that sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA compliance.
  • GDPR (General Data Protection Regulation): A European Union (EU) regulation on data protection and privacy for all individual citizens of the European Union and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA.
  • CJIS (Criminal Justice Information Services): Requirements outlined for CJIS such as networking, remote access, encryption, certification of cryptographic modules, and minimum key lengths are all enforced for customers utilizing the CJIS services.
  • PCI-DSS (Payment Card Industry Data Security Standard): Security requirements are not to be taken lightly, since breaches continue to occur at an unprecedented rate. Through both internal auditors and external third-party audits, iland maintains strict adherence to the PCI-DSS standards used in the housing and processing of payment card activities.

For most organizations, the prospect of trying to establish and maintain compliance can feel overwhelming, and there is no doubt it diminishes any employee’s ability to focus on the work that they were hired to do in the first place. That’s why so many companies are outsourcing their compliance needs to their cloud providers, in the understanding that those companies have procedures in place, and qualified personnel who can manage their compliance status and ensure that they stay on the right side of the law.

To find out more about how iland can help you ensure overall compliance, get in touch today with one of our expert consultants.

By Steve Prentice
