SSAE 16 Type II
Committed to Securing Your Sensitive Data
At Netgain, we take on the responsibility of protecting your patients’ ePHI as a SSAE 16 Type II Certified hosting partner. Each year we go through rigorous, external, security audits to ensure our physical environment as well as our processes and procedures are in line with what’s needed to protect our clients’ data.
Why is it important to find a SSAE 16 Compliant provider?
When your organization trusts your data to a service provider, you need to be absolutely confident that they are doing what they are contracted to do for you. An SSAE 16 audit affirms this so you know the equipment you rely on is sound and your data is well managed and protected.
Netgain provides customers with documentation of the SSAE 16 Type II Compliancy. This not only saves valuable time and money for customers needing to meet SSAE 16 compliancy standards, but also in reaching PCI Compliance Standards.
What is SSAE 16?
Set forth by the American Institute of Certified Public Accountants (AICPA), the Statement on Standards for Attestation Engagements (SSAE) no. 16 audit reports on controls at a service organization relevant to security, availability, processing integrity, confidentiality, and privacy.
- Type I report describes the service organization’s controls at a specific point in time.
- Type II report describes the service organization’s controls through testing and over a period of time (usually six months).
The audit evaluates and tests Netgain’s internal policies and procedures including data storage, building and data center access/security, change procedures of hardware and software, and customer data security.
The SSAE 16 audit independently verifies the validity and functionality of a Data Center’s control activities and processes. These control activities and processes are important to healthcare organizations who need to validate the security of their sensitive information controls. An annual audit is performed to both verify that procedures are in place and effective, and that they are maintained.