OnRamp Data Center Compliance Overview
OnRamp has stringent controls in place that comply with industry-recognized standards for the security and protection of sensitive, critical data. OnRamp participates in regular third-party audits that include controls over information technology and related processes, policies, procedures and operational activities. These compliance measures and certifications demonstrate that OnRamp is performing at optimal standards regarding security, availability and operating integrity.
The Statement on Standards for Attestation Engagements No. 16 (SSAE 16 SOC II) is the new “attest” standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants. Formerly known as “SAS 70,” an SSAE 16 SOC II audit includes controls over information technology and related processes, policies and procedures, including operational activities, and validates that everything is performing at optimal standards regarding security, availability and operating integrity. As an SSAE 16 SOC II certified company, OnRamp has been audited by a third party on our control activities related to:
- Logical and Physical Access
- Security of Environment and Information
- Secure Storage
The United States of America (U.S.)-European Union (EU) Safe Harbor Framework was created by the Department of Commerce in coordination with the European Commission to bridge the gap between data privacy regulations issued in the U.S. and the more stringent EU standards. Organizations seeking Safe Harbor must annually self-certify that they agree to adhere to the Safe Harbor requirements, which the Federal Trade Commission enforces.
The Safe Harbor self-certification for OnRamp Access, LLC has been finalized and is effective as of 6/4/14.
As part of the company’s self-certification, OnRamp has developed its own self-regulatory privacy program that adheres to the seven privacy principles: Notice, Choice, Onward Transfer (Transfers to Third Parties), Access, Security, Data Integrity, and Enforcement, along with the 15 FAQs that make up the framework.
As HIPAA implementation experts, OnRamp partners with businesses to ensure HIPAA compliance. We have created systems, tools and procedures that help our customers tightly integrate our products and services with their own assets and procedures in a HIPAA-compliant fashion. Our goal is to eliminate the seams and gaps in protection that might otherwise occur. As your trusted partner in the HIPAA implementation process, OnRamp will work with you to design, implement and secure your systems and applications. OnRamp can act as your subject matter expert on what HIPAA requires, letting you remain focused on the day-to-day responsibilities of your core business.
OnRamp assists customers that transmit cardholder information with PCI compliance requirements. Using our experience building and deploying complex IT infrastructure for hundreds of companies, OnRamp works with customers to create PCI-compliant solutions that address all 12 of the PCI-DSS 3.0 requirements.
Additional Areas of Regulatory Focus:
- The Gramm-Leach-Bliley Act (GLBA)
- The Sarbanes-Oxley Act (SOX)
- The Fair and Accurate Credit Transactions Act (FACTA)
- The Family Educational Rights and Privacy Act (FERPA)
- The Federal Information Security Management Act (FISMA)
- SEC Cybersecurity Threats Disclosure Guidance