You are here: Home ยป Certified Secure Data Recovery
Certified Secure Data Recovery Services
SSAE 16 Type II Certified Company
Call us to talk to a Data Recovery Specialist Now
1-800-388-1266 Service Technicians Available 24/7/365 Days
Alternatively, you can also fill out a request help form online.
|
|
Certified Secure Data Recovery Services
Secure Data Recovery Services takes an active approach to data security with regular audits of all of the systems we use to store and transfer data. Our certifications show how seriously we take your privacy and ensure that every case is handled appropriately. When choosing a data recovery company, it's important to verify all data security procedures and guidelines.
See more details on all of our featured security audit certifications below:
Never trust a company with your data without proof of their privacy & security standards.
Why Security Certifications Are Important?
All data recovery companies should follow widely-accepted security guidelines and should be regularly audited to ensure that proper IT security controls are in place. If a data recovery company doesn't pursue certifications, they may be putting their customers' data at risk.
Unsecured data recovery companies might allow all of their employees to access customer data, which can lead to serious security situations and violations of laws like HIPAA, GLBA, NIST 800.34, FERPA and SOX.
Poor data security controls can be particularly dangerous when recovered data is stored on servers or other networked devices. Externally accessing, reading and changing data can be extremely easy when data hasn't been properly encrypted or when connections aren't secured.
Security certifications like SSAE 16 and SAS 70 show that a data recovery company has taken exemplary steps to protect its clients' data. Regular third-party audits are the best way to spot security flaws and to keep a consistent approach to data protection.
Regardless of whether you're recovering sensitive data or not, a strong set of security certifications shows that your data recovery company is competent and capable of handling your case safely and professionally. By insisting on proof of security certifications, you can ensure that you're using a competent and capable data recovery provider.
PCI Compliance Certification
Ensuring Data Security Through Independent PCI Complient Audits
The Payment Card Industry has a set of data security standards that are intended to protect credit card holders from fraudulent charges and other card misuse. A data recovery company is PCI compliant if it follows these standards and undergoes regular audits to ensure that all electronically-stored credit card info is kept safe at all times.
PCI compliance is mandatory for businesses that handle credit card information. Data recovery companies often handle large amounts of financial data during the recovery process and extra care is needed to ensure that access to recovered data is limited and that files are kept protected with firewalls, encryption and other essential security tools.
In order to be PCI compliant, data recovery companies must:
- Provide information about their data security systems including firewalls, encryption and other controls that prevent external access.
- Show exemplary access control, meaning that credit card information can only be accessed by authorized individuals. Good access control also means that hard drives, servers and other electronic media that could possibly store credit card info are kept protected at all times and aren't easily accessible.
- Regularly update their systems and look for potential weaknesses. All data recovery companies need to regularly update their security controls to avoid potential issues. It's important to use new technology and the latest IT security techniques to protect data from malicious attacks.
Every data recovery company needs to be PCI compliant, but some companies don't take the necessary steps to ensure compliance each year. These data recovery providers may have serious security vulnerabilities that leave data unprotected.
SAS 70 Certification
Statement on Auditing Standards 70 is one of the most widely-accepted auditing standards for information security. Auditors assess all of the systems and controls that a company uses to store and transfer data.
To achieve an SAS 70 certification, a data recovery company must:
- Submit an overview of their systems and controls. This might include information about the servers that data recovery companies use to store recovered data.
- Show access control and the systems in place that prevent unauthorized access to client data.
- Explain in detail how electronic file transfers are handled. Information about firewalls and other security controls will be evaluated to ensure that data is secure during electronic transfers.
An auditor will review all of this information along with additional info about controls and data storage systems. The auditor then makes recommendations and provides a written analysis of the data recovery company's controls.
Data recovery companies should pursue SAS 70 certification and should undergo regular third-party audits to keep their certifications, as SAS 70 provides a basic system of security guidelines that establish effective protection of data privacy. Companies that don't pursue SAS 70 certification may not be able to provide secure data recovery services.
SSAE 16 Certification
The Statement on Standards for Attestation Engagements No. 16 was developed as a replacement for SAS 70. SSAE 16 certification requires an attestation rather than an audit, so achieving SSAE 16 certification can be difficult. This is especially true for data recovery companies and IT businesses with complex data storage systems, as these systems will be closely scrutinized during attestations.
SSAE 16 differs from SAS 70 in several important ways:
- SSAE 16 puts more of an emphasis on live testing than SAS 70, which is why auditors perform attestations rather than audits. This means that servers and physical security systems are tested by auditors annually to ensure that privacy controls are working as expected.
- A detailed written analysis of security controls needs to be conducted and submitted every year. SAS 70 standards required a far less extensive overview of a data recovery company's various systems.
- Auditors submit their opinions and finding as a part of their reports. This includes an overview of how tests were performed and opinions about potential security weaknesses.
Overall, SSAE 16 certification requires more testing and is a much more involved process than SAS 70 certification. Many companies require an SSAE 16 report when contracting IT work, but the data recovery industry has been slow to accept the standards due to the relative difficulty of the attestation process.
Secure Data Recovery Services is the first and to date the only data recovery company to achieve an SSAE 16 certification.
Protecting Your Data From Misuse Or Theft
Secure Data Recovery Services takes IT security seriously. The privacy of your data will always be protected during the data recovery process and ongoing attestations and audits are regularly performed to spot potential weaknesses in our systems.
From the minute your media arrives to the minute it's returned, we carefully control access and only allow qualified engineers to handle your data.
Encryption and secure file transfer protocols are used when data is electronically transferred. We keep a temporary copy of your data after it's recovered to prevent problems due to shipping delays. After your data has been confirmed, we use secure DOD7 data destruction techniques to destroy our backups.
Every process and control that we use is designed to protect your data and to keep your privacy safe. Unlike other data recovery companies, we provide proof of our statements about data security. All of our certifications and reports are posted here, so you can view unbiased attestations and audits for a comprehensive overview of our controls and processes.
Secure Data Recovery Services is also one of the only data recovery companies to offer special high-security services and a range of options to meet your business's turnaround requirements and security needs. Trust Secure Data Recovery Services for fast, dependable data recovery and excellent data protection.
