Compliance Hosting: Hosted Solutions that Comply with IT Regulations

Compliance hosting is a service offered by many IT hosting companies, in which the hosting company provides a hosted solution (like a hosted server, hosted application, or hosted email server) that has been customized to comply with IT regulations such as PCI DSS, HIPAA, or SOX.

The main benefits of compliance hosting are that you don't have to perform the compliance process yourself (which frees up your time and reduces your IT burden), that the process is handled for you by the experts at an IT hosting company, that you avoid the consequences of noncompliance, and that you gain increased security and reliability.

An IT regulation is a government or industry regulation that mandates how certain organizations should set up and manage their IT. Most of these regulations have to do with data security—how organizations should protect certain types of data from unauthorized access. The IT regulations that affect the largest number of organizations are the three mentioned in the introduction: the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and the Sarbanes-Oxley (SOX) Act.

  • PCI DSS is a set of data security standards created and enforced by the Payment Card Industry Security Standards Council, the members of which include American Express, Discover, MasterCard, and Visa. It requires any organization that handles payment card data to implement a comprehensive set of security measures, including firewalls, antivirus software, and encryption.

  • HIPAA is a federal law enacted in 1996 that requires healthcare organizations to protect their patients’ records from inappropriate access.

  • SOX is a federal law enacted in 2002 in response to a series of accounting scandals, such as those involving Enron, Tyco, and WorldCom, that requires certain businesses to maintain all financial and accounting data for at least five years.

Penalties for noncompliance may include public disclosure of the violation, fines of $1 million or more, and, in the most extreme cases, prison sentences of up to 20 years per violation.

IT regulations can be difficult for the average business to comply with on its own. To start with, some of these regulations are vaguely worded and don’t make clear exactly what measures you’re supposed to implement; others have long lists of specific, highly technical IT requirements that can be hard for a non-technical person to understand and act upon.

Implementing the measures necessary for compliance can be difficult, expensive, and time-consuming, too. To achieve compliance, you may have to acquire new hardware and software, precisely configure your IT assets, hire additional IT personnel, or assign your existing IT personnel to compliance-related projects and tasks, diverting them from more important or valuable work. You’ll also have to maintain compliance in the long run with measures such as performance and security monitoring, patch management, and penetration testing; in addition, you’ll have to pay attention to and adjust to any changes in the regulations.

Compliance hosting is an easier and potentially more cost-effective way to achieve compliance than attempting to comply with IT regulations by yourself.

As mentioned at the top, compliance hosting is a service in which the hosting company provides a hosted solution that has been customized to comply with certain IT regulations.

Most hosted IT solutions (hosted servers, hosted applications, hosted email servers, etc.) offered by IT hosting companies aren’t compliant with any IT regulations by default, and need to be supplemented with additional features and services. These features and services include:

  • 24x7x365 security monitoring

  • Firewall management

  • Antivirus management

  • Patch management

  • Managed backups

  • Managed encryption

  • Penetration testing

  • Two-factor authentication

  • Managed Active Directory

In most cases, signing up for compliance hosting by itself won’t make your business fully compliant with an IT regulation (though it does take care of about 90-95 percent of the entire compliance process). There are still a few relatively simple compliance measures that you have to perform yourself, such as implementing and documenting your internal security policies and protecting your onsite hardware (company PCs, thin clients, and tablets, for example) from physical theft or inappropriate access.

Your hosting provider may be able to advise you on how to implement these measures, though, either as part of the service or for an additional fee.

To sign up for or learn more about compliance hosting, contact your preferred hosting provider today.