Security and compliance are top priorities for Grazitti because they are fundamental to securing data, eliminating systems vulnerabilities, and ensuring business continuity. Security is a key component in our offerings and is reflected in our people, process, services, and products. Grazitti uses a variety of industry-standard technologies to secure data from unauthorized access, disclosure, use, and loss.
Health care privacy concerns are governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) of 2009. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirements of HIPAA. The purpose of the Privacy Rule is to establish standards with respect to the confidentiality of an individual’s protected health information or PHI by entities that are subject to HIPAA.
Grazitti is in compliance with the Privacy Rule within HIPAA Title II and exercises physical, technical, and administrative safeguards in compliance with the HIPAA Security Rule. We can sign a Business Associate Agreement (BAA) with customers who require data services, to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA).
ISO 27001 (formally known as ISO/IEC 27001:2013) is an internationally recognized information security management standard that ensures a business has rigorous information security processes in place. ISO 27001 includes all legal, physical, technical, and organizational controls involved in an organization’s information risk management processes, with the aim of keeping information secure.
Grazitti is ISO 27001:2013 certified and is committed to identifying risks, assessing implications, and putting systemized controls in place. Achieving the certification demonstrates that Grazitti is following international information security best practices.
PIMS (BS 10012)
Personal Information Management System, also called BS 10012, provides a best-practice framework for a personal information management system (PIMS) that is aligned to the principles of the EU GDPR, to help companies comply with the Data Protection Act, 1998.
It outlines the core requirements organizations need to consider when collecting, storing, processing, retaining or disposing of personal records related to individuals. Organizations can improve their data storage protection by following the framework contained in the standard, which enables them to create a tailored system for managing personal information. Grazitti is PIMS (BS 10012) certified with a variety of security measures in place to prevent unauthorized access and processing of personal data.
SSAE 18 SOC 1 and SOC 2 Type II
SSAE 18, also called Statement on Standards for Attestation Engagements 18, is a regulation developed by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls. While the SOC 1 report focuses on a company’s internal control over financial reporting, the SOC 2 report focuses on non-financial controls such as security, availability, processing integrity, confidentiality, and privacy.
The Grazitti Service Organization Controls (SOC) (SOC 1 Type II and SOC 2 Type II) Reports are independent third-party examination reports that demonstrate how Grazitti achieves key compliance controls and objectives. The purpose of these reports is to help you understand the controls that Grazitti established to support operations and compliance.