Many businesses now face mandates to maintain and demonstrate proper control and safeguards when handling electronic data. Industry-specific regulations to impose confidentiality, industry portability, and preservation of records force many organizations to implement processes to support data backup and recovery objectives.
To support customers, IBackup continues to maintain high compliance standards relating to data privacy, safekeeping and access.
Statement on Standards for Attestation Engagements (SSAE) 16 is an auditing standard for service organizations, superseding SAS 70, which IBackup previously maintained. IBackup has completed the necessary audits and can provide supporting documentation to demonstrate that it meets the standards defined by SSAE 16.
SSAE 16 reporting can help service organizations comply with several regulations such as Sarbanes Oxley's (section 404) to show effective internal controls covering financial reporting. IBackup can also assist companies within the medical, accounting and legal professions to comply with regulatory standards including the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLBA), Securities and Exchange Commission (SEC), and Financial Industry Regulatory Authority, Inc. (FINRA)
More information on how IBackup assists its customers comply with different regulatory standards can be found on IBackup's Compliance Page.
IBackup addresses data security and privacy concerns by employing a robust security model that includes encrypted data transmission and storage, restricted physical access, and password protection safeguards among its several layers of security measures used to protect customer data.
EU-US Privacy Shield
The EU-US Privacy Shield is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. Its purpose is to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens. This framework replaced the old EU Safe Harbor Privacy Principles, which IBackup was previously certified with, after it was declared invalid by the European Court of Justice in October 2015. Learn more on how IBackup will assist with GDPR compliance.
Data is encrypted and securely transmitted to IBackup servers residing at world-class data centers. These data centers provide Service Organization Control (SOC) approved data protection services. All transmitted data is automatically verified each time a backup takes place.
Storage / Encryption
Data files are encrypted on transfer and stored using AES 256-bit encryption. Data resides on RAID-protected industry leading NAS / SAN storage devices with multiple levels of redundancy and is available for online restores 24/7.
Encryption based on a private encryption key ensures data stored on IBackup servers cannot be decrypted by anybody other than you and your authorized personnel. Private encryption keys are never stored or escrowed on IBackup servers as is.
Data access is restricted by password and private key authentication. All access to the stored data is documented and time/date stamped. Detailed reporting gives regulators a clear idea of the chain of custody of the stored information, and rapid access, should it be required.
Physical access to the vaults and the data center housing IBackup servers is strictly controlled through administrative procedures, physical safeguards, and technical security measures to prevent unauthorized physical access to IBackup servers.
Account passwords are never stored or transmitted to IBackup in plain text.
While IBackup meets several technical safeguards for maintaining data security, full compliance with specific regulatory requirements is not guaranteed by simply implementing IBackup solutions. It is important that organizations consult with their legal counsel to ensure applicable compliance regulations are satisfied.