If your business handles sensitive information, it’s likely that your site will need to follow strict procedures and ensure effective controls are in in place so that you have confidence that your data resides on a secure network.
This is where PCI/DSS compliance and SSAE16 certifications come in. Both of these security-related requirements ensure that important information, such as credit card info and SSN/SIN numbers, are properly stored and transferred on a highly secure infrastructure.
PCI/DSS Compliance
Achieving PCI/DSS compliance is an arduous process, especially for those who are new to it, but we’re here to help. When you host with Dynamic, 9 of the 12 PCI/DSS requirements are satisfied out-of-the box. We’ve helped guide many of our clients through the remaining steps so that they successfully attain and maintain PCI/DSS compliance.
SSAE16 Certification
If you need to manage a site that deals with sensitive information (financial, medical, software as a service), you’ll likely need to host with a company that’s SSAE16 certified. The data centres we operate out of have successfully completed SSAE16 audit. Please feel free to contact us if you have any questions regarding SSAE16 and how it can benefit your business.
PIPEDA
The Personal Information Protection and Electronic Documents Act is often a misunderstood aspect of privacy compliance in Canada. It applies to all organizations in Canada involved in the collection, use or disclosure of personal information in the course of commercial activity (unless provincial privacy legislation exists that is substantially similar to PIPEDA).
It’s important to note that PIPEDA does not prevent an organization from transferring personal information however, it establishes rules governing those transfers particularly with respect to obtaining consent for the collection, use and disclosure of personal information, securing the data, and ensuring accountability for the information and transparency in terms of practices. These considerations apply whether moving data in the cloud or otherwise.
We can help you develop data protection policies to ensure that sensitive data is appropriately secured and protected in cloud applications. By using methods that include encrypted, tokens as a surrogate value, and other techniques, you can have confidence that you adhere with Canadian Privacy Laws.