Compliance

Compliance without complication.

Our compliance department works with independent auditors and third-party organizations to meet the industry’s most stringent guidelines to provide you reports and information for your own compliance needs.

The physical and virtual controls of our facilities, network, and customer portal are an extension of your own, and we make it easy for you to get the information you need for your own audits.

To learn more about our compliance standards,

Safe Harbor is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. Certifying to the safe harbor will assure that EU organizations know that your company provides “adequate” privacy protection, as defined by the Directive.

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing. One of the mechanisms the Cloud Security Alliance uses in pursuit of its mission is the Security, Trust, and Assurance Registry (STAR)—a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.

If you store or process credit card data then PCI Compliance and network security are of primary concern to your business. To ensure consistent standards for merchants, the Payment Card Industry Security Standards Council established Payment Card Industry (PCI) data security standards. These standards incorporate best practices to protect cardholder data, and they often require validation from a third-party Qualified Service Assessor (QSA). We help our customers meet their PCI compliance needs by providing an Attestation on Compliance from an independent QSA. The Attestation on Compliance can be used in conjunction with our SOC 2 report and ISO 27001 certification to demonstrate that the infrastructure meets the PCI controls. Customers and their auditors can use our reports to verify the PCI controls that are ARN Server’s responsibility are met.

For more information about and assistance to achieve, certify, and maintain PCI compliance for your ARN Server environment, please contact our sales team.

The U.S. Health Insurance Portability and Accountability Act requires specific security controls for businesses that store or process protected health information online. The ARN Server cloud platform meets all of the necessary requirements for HIPAA on the data center/service provider side.

For more information about and assistance to achieve, certify, and maintain HIPAA compliance for your ARN Server environment, please contact our sales team.

ARN Server offers its customers the ability to choose precisely where to locate data, with  Data Center on five continents. For customers who wish to transfer data originating in the European Economic Area to a country outside the EEA, ARN Server offers European Model Clauses in the form approved by the European Commission and European Union's data protection authorities. The European Model Clauses guarantee European customers that ARN Server supports the necessary data privacy protections in every location on the globe.

For more information and delivery of the EU Model Clauses for your ARN Server environment, please contact our sales team.

Related Information