My coworkers at Wintellect have reminded me that it’s been a really long time since I’ve posted an entry to my weblog. About two and a half years actually. That’s a long time, and if you happened to be one of my readers you might have wondered what happened to me. Did Keith take another job? Am I somehow blocked from viewing his posts? Did he win the lottery, retire, and now spend his days sipping frozen drinks on a remote beach (don’t I wish)?
Truth in this case is much more simple. I’ve more or less been very busy, without many interesting things to discuss. Well, not any that I have been at liberty to discuss (to be clear, I *have* been working on interesting things – Wintellect still hasn’t agreed to pay me just for being here. YET.). I’m hoping to change that so here goes – the radio silence is now over.
Now, I still can’t talk about anything and everything that I would like to – I do have confidentiality restrictions (and common-sense restrictions) that aren’t going away, and in cases where I’m not sure about the sensitivity of a specific topic I will always err on the side of caution. But that doesn’t mean I don’t have anything to say.
These posts won’t always be technical. In some cases you might even wonder what tie-in a particular topic has to this blog at all. But I’ll try to keep it interesting at least.
Secure and able to meet specific compliance requirements.
Our methodology encompasses design through deployment and focuses on delivering solutions which are realistically implementable.
Our compliance services span the entire computing stack, from connectivity to applications, with stringent physical and logical security controls.
Shared responsibility and liability.
We take on our customers’ compliance and infrastructure concerns by becoming an extension of their team or their application development vendor. We share the responsibility and liability associated with maintaining a compliant environment, and stand by that commitment with a guarantee based on the defined lines of responsibility.
Utilize turnkey solutions.
We provide secure and compliant cloud environments with 24x7x365 proactive managed services.
Leverage proven industry experience.
You can rely on our deep knowledge of critical security frameworks including HIPAA/HITECH, HITRUST, PCI-DSS, IRS-1075 and SSAE 16.
Build a comprehensive program.
We help your organization begin or refine your compliance-based security practices.
Independent Security Testing and Certification
Atmosera has a proven, third-party verified Compliance Cloud to address the stringent standards associated with the following:
HIPAA/HITECH
We meet the requirements under the Health Insurance Portability and Accountability (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) acts. All operational, administrative, technical and physical security controls achieved a state of compliancy of “1,” demonstrating that Atmosera exhibits strong design in every respect.
HITRUST
We meet the requirements under Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) which comprises a robust set of security requirements and controls designed and maintained to keep confidential data safe and secure.
PCI-DSS Level 1
We meet the requirements of the Payment Card Industry Data Security Standard (PCI-DSS) and achieved the highest certification level, designated for any service provider that stores, processes and/or transmits over 300,000 transactions annually.
IRS-1075
We are working on meeting the requirements under Internal Revenue Service Publication 1075 (IRS-1075) which provides guidance for US government agencies and their agents to protect Federal Tax Information (FTI).
SSAE 16 / SAS 70
Our data centers comply with Statement on Standards for Attestation Engagements 16 (SSAE 16), which is a widely recognized audit standard maintained by the American Institute of Certified Public Accountants (AICPA). The SSAE audit report allows service organizations to provide independent third-party verification regarding the state of internal controls that govern the services provided to their user organizations.
Comprehensive compliance management services.
We provide daily, weekly, and monthly security oversight, maintenance, auditing, and reporting for customer environments deployed in the Atmosera Compliance Cloud. This service complies with security and data protection requirements and includes:
- Vulnerability scanning (V-Scan)
- Remediation
- Information security policy and procedure updates in alignment to changing standards and emerging practices
- Basic and enhanced options for File Integrity Management (FIM) and Security Information and Event Management (SIEM)
We always implement networks which deliver better security and usability.
All our deployments take into consideration the end-to-end solution and we secure all aspects of the network and connectivity.
- Defense in Depth – Our approach offers a flexible and customizable set of capabilities based on enterprise-grade standards for performance, availability, and response.
- WANs, MANs, LANs, and VPNs – We provide comprehensive networking and high-speed connectivity options from Wide Area Networks (WAN), Metropolitan Area Networks (MAN) and Local Area Networks (LAN), as well as managed Virtual Private Networks (VPNs) and firewalls.
- Stay current – We can be counted on to deliver proactive testing and the most secure network protocols.
- Reduce vulnerabilities – We help your team leverage advanced security features coupled with relentless vigilance from trained experts.