SouthData has successfully completed SSAE 18 SOC 1 and SOC 2 examinations for third party attestation of internal control by an independent service auditor firm. SouthData first underwent this process in 2008 and has continued to undergo the SOC examination process annually, as part of its commitment to the security, availability and processing integrity of data and systems. SouthData’s SOC 1 and SOC 2 examinations are Type II, examining the suitability of the design of SouthData’s controls, as well as their effectiveness over a period of time.
The American Institute of Certified Public Accountants (AICPA) has designed the SOC suite of services for reporting on internal control at a service organization to assist users with identifying and addressing risk associated with the service organization’s service or system. (www.aicpa.org/soc).
Additional information on SSAE 16 and Service Organization Control reports can be viewed at the AICPA's new web page (www.aicpa.org/soc).
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially any merchant that has a Merchant ID (MID).
The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). Source: www.pcicomplianceguide.org. SouthData is PCI Level 3 compliant.
The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.