In today’s economy, it is important for OSG to demonstrate adequate controls and safeguards while hosting and processing data that belongs to our valued customers.
SSAE 18 SOC 1 and SOC 2 Examinations
OSG has successfully completed SSAE 18 SOC 1 and SOC 2 examinations for third-party attestation of internal control by an independent service auditor firm. OSG first underwent this process in 2008 and has continued to undergo the SOC examination process annually, as part of its commitment to the security, availability and processing integrity of data and systems. OSG’s SOC 1 and SOC 2 examinations are Type II, examining the suitability of the design of OSG’s controls, as well as their effectiveness over a period of time.
The American Institute of Certified Public Accountants (AICPA) has designed the SOC suite of services for reporting on internal control at a service organization to assist users with identifying and addressing risk associated with the service organization’s service or system (www.aicpa.org/soc).
Additional information on SSAE 18 and System and Organization Control (SOC) reports can be viewed at the AICPA's new web page (www.aicpa.org/soc).
OSG has engaged a PCI Qualified Security Assessment Company (QSAC) to perform an annual onsite assessment and Report on Compliance. OSG maintains an Attestation of Compliance as a Level 1 service provider.
PCI compliance is required of any entity that transmits, processes, or stores cardholder data as part of business operations. The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 minimum requirements for securing payment cardholder data and associated systems. The PCI Data Security Standard is administered and managed by the PCI Security Standards Council (www.pcisecuritystandards.org), an independent body created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB).
The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.
The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information. OSG is HIPAA Compliant.