SSAE18/SOC 1 Type 2
SOC 1 reports are provided to service organizations that are reporting on controls relevant to Internal Control Over Financial Reporting (ICFR). Type 2 reports sample data over a period of time, providing assurance of consistent compliance, versus using data from just a single point in time with Type 1.
SOC 2 Type 2
The SOC 2 framework is a reporting option specifically designed for entities such as data centers, I.T. managed services, software-as-a-service (SaaS) vendors, and other technology and cloud computing-based businesses. SOC 2 frameworks address a comprehensive set of criteria known as the Trust Services Principles, covering security, availability, system integrity, information confidentiality, and privacy of personal information. Type 2 reports sample data over a period of time rather than at a single point in time, providing a more complete and thorough report.
SOC 3 Type 2
Every business is unique. Our product delivery is designed to provide maximum value and efficiency, from a sole proprietor to multi-location corporations. Our focus is on your unique needs, and we strive to provide value at every step of your growth.
HIPAA Compliance
QODEQS™ infrastructure meets stringent requirements for compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA establishes national standards to protect individuals' medical records and health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. ScaleMatrix complies with the rules that apply to our systems and levels of access, which helps our clients comply with the portions of HIPAA that apply to them. A HIPAA Business Associate Agreement (BAA) is available.
PCI DSS v3.2 AoC and Merchant Level 4/SAQ C-VT Certification
The Payment Card Industry Data Security Standard is followed by organizations that store, process, and/or transmit cardholder data. ScaleMatrix undergoes quarterly vulnerability and penetration testing through Sysnet Global Solutions.
Privacy Shield Certification
QODEQS™ has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Please see the Privacy Policy Update section of our Privacy Policy to learn more and to view our certification.
NIST SP 800-171 Compliance
QODEQS™ compliance refers to an organization's adherence to the security requirements outlined in NIST Special Publication 800-171, which mandates specific controls for protecting Controlled Unclassified Information (CUI) within non-federal systems and primarily targets government contractors and other entities handling sensitive government data. In practice, it means implementing security measures to safeguard sensitive information according to the NIST standards set for non-federal systems that process, store, or transmit CUI.
CMMC (Cybersecurity Maturity Model Certification)
QODEQS™ CMMC compliance is based on a framework that measures an organization's ability to protect data. The Department of Defense (DoD) uses CMMC to ensure that contractors and subcontractors have the security required to work with controlled unclassified information (CUI).
DFARS (Defense Federal Acquisition Regulation Supplement)
QODEQS™ DFARS compliance covers a set of cybersecurity regulations that defense contractors and suppliers must follow in order to be awarded new DoD contracts.
GDPR Compliance
The General Data Protection Regulation (GDPR) is the EU regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (the Data Protection Directive).
SSAE16 reports are delivered in hard copy. Electronic summaries of the reports are available upon request. The PCI DSS AoC, Trustwave Certificate, and SSL server test results are delivered electronically.
Third-party audits and security questionnaires, QODEQS™ policies on specific topics, employee-required training, responsibility matrices for HIPAA and PCI compliance, industry-specific training (including CMS-required training), and verifications of eligibility such as U.S. Government OIG and SAM exclusion searches are provided upon request.
Unless otherwise noted, clients are responsible for their own compliance controls above the hypervisor, i.e., within the virtualized layer where the operating systems, databases, applications, and integration points reside.