The SOC 3 Type 2 Report will be available online in Q1 2017.
Send an email to
and we will let you know when it is
ScaleMatrix assists clients with meeting HIPAA, PCI-DSS, and GLB compliance regulations by providing documentation of the necessary infrastructure-related controls for those certifications.
Physical controls include:
- 24/7/365 Armed Security Teams
- Two Factor Authentication
- Biometric Identity Verification at the Equipment Rack Level
- Extensive Use of Video Surveillance Throughout Our Data Center Locations
Network and logical controls include:
- Multi-Factor Authentication
- Hardware and Software Firewalls
- Vulnerability Scans
- Anti-Virus and Anti-Spyware Protection
- Intrusion Detection and Prevention Services
- Industry Standard Use of IPsec, VPN, and SSL Certificates
SOC 1 reports are provided by service organizations that are reporting on controls relevant to Internal Control Over Financial Reporting (ICFR). Type 2 reports sample data over a period of time, providing assurance of consistent compliance, whereas Type 1 reports use data from a single point in time.
The Payment Card Industry Data Security Standard is followed by organizations that store, process, and/or transmit cardholder data. ScaleMatrix undergoes quarterly vulnerability and penetration testing through Trustwave.
The SOC 2 framework is a reporting option specifically designed for entities such as data centers, IT managed service providers, software-as-a-service (SaaS) vendors, and other technology and cloud computing-based businesses. The SOC 2 framework addresses a comprehensive set of criteria known as the Trust Services Principles, covering security, availability, system integrity, information confidentiality, and privacy of personal information. Type 2 reports sample data over a period of time rather than using a single point in time, providing a more complete and thorough report.
ScaleMatrix data centers and cloud infrastructure meet stringent requirements for compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA establishes national standards to protect individuals’ medical records and health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. ScaleMatrix complies with the rules that apply to our systems and levels of access, which helps our clients comply with the portions of HIPAA that apply to them. A HIPAA Business Associate Agreement (BAA) is available.
ScaleMatrix earned an A rating from Qualys SSL Labs for ScalePanel, which is used by our clients and staff. SSL provides for the secure transmission of data and is the technology behind encrypting sensitive information on the Internet. We provide our customers with security and peace of mind when working in our web applications.
The HITRUST Common Security Framework (CSF) provides a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. It aggregates existing globally recognized standards, regulations, and business requirements, including ISO, NIST, PCI, HIPAA, COBIT, and state laws, into a coordinated security matrix. It is used by healthcare, business, technology, and information security leaders to assist in safeguarding health information systems and exchanges.
ScaleMatrix provides you with the proper compliance documentation that you need.
SSAE 16 reports are delivered in hard copy. Electronic summaries of the reports are available upon request. The PCI DSS Attestation of Compliance (AoC), Trustwave Certificate, and SSL server test results are delivered electronically.
The following are provided upon request: third-party audits and security questionnaires; ScaleMatrix policies on specific topics; employee-required training; responsibility matrices for HIPAA and PCI compliance; industry-specific training, including CMS-required training; and verifications of eligibility such as U.S. Government OIG and SAM exclusion searches.
The ScaleMatrix audited controls matrix maps to a number of additional industry and compliance standards:
- Food and Drug Administration (FDA)
- U.S.-EU Safe Harbor (European Commission’s Directive on Data Protection)
- Gramm-Leach-Bliley (GLBA)
- International Traffic in Arms Regulations (ITAR)
- Federal Information Security Management Act (FISMA)
Unless otherwise noted, clients are responsible for their own compliance controls above the hypervisor, i.e., within the virtualized layer where the operating systems, databases, applications, and integration points reside.