| You are here: Home » Certifications » SAS 70 Certified Data Recovery
Certified Secure Data Recovery Services
SAS 70 / SSAE 16 Certified Company
Call us to talk to a Data Recovery Specialist Now
1-800-388-1266 Service Technicians Available 24/7/365 Days
Alternatively, you can also fill out a request help form online.
About SAS 70 Certification
Never trust a company with your data without proof of their privacy standards.
Information security is one of the most important factors to keep in mind when choosing a data recovery company. When a data recovery company doesn't use appropriate techniques to protect its customers' recovered information, data can be mishandled, compromising privacy laws and potentially costing thousands of dollars.
SAS 70 certification was a security standard that required regular audits of companies' information systems to ensure that proper controls were in place in the company's IT systems.
SSAE 16 / SAS 70 Audit Certification - See Audit Report Below:
Secure Data Recovery Services is one of the only data recovery companies to regular pursue independent, third-party SAS 70 audits, and through numerous positive reviews and our compliance with the new SSAE 16 standards, we've taken a dedicated approach to IT security to make it easy to trust our engineers with your valuable data.
Please see the latest SSAE 16 Audit Certification Report for Secure data Recovery Services below.
Data security is our highest priority, and in addition to SSAE 16 certification, we've received regular SAS 70 audits from independent auditing firms. These audits are further proof of the excellent data hosting and processing controls that we use to protect customer information and recovered data.
Why Security Is Important For Data Recovery Companies?
Data recovery engineers work with immense amounts of data, often including sensitive company information and personal user data. When data recovery companies don't have appropriate measures in place to protect this data, it may be externally accessible. This can illegally compromise the protections afforded by laws such as HIPAA, SOX, FERPA, NIST 800.34 and GLBA.
When a data recovery company doesn't follow any sort of IT security standards, anyone inside or outside of the recovery laboratory can access sensitive information.
This is particularly true when data is transferred electronically from a data recovery customer to its clients at the end of a recovery, as electronic data transfers can be especially susceptible to malicious attack. Many data recovery companies now offer online file transfer, as this is a quick way to return recovered files after a recovery is complete. Unfortunately, many companies fail to follow any sort of security standards whatsoever when returning data, which leaves data openly accessible.
Reputable data recovery companies avoid this threat by holding annual audits of their systems to meet standards like SAS 70. During these audits, IT systems are carefully assessed to ensure that there's no chance of accidental or intentional data misuse. Every aspect of a data recovery company's services is individually assessed to make sure that data is protected during and after the recovery.
Why Should Data Recovery Companies Hold SAS 70 and SSAE 16 Certifications?
There are dozens of ways to set up IT systems to properly protect data, but it's important that all controls are subjected to regular audits with an established set of standards. Otherwise, it's nearly impossible to guarantee that the necessary steps are being taken to prevent data misuse.
SAS 70 and SSAE 16 certifications both attest to the privacy and security features that a data recovery company uses to keep its customers' information secure. SAS 70 standards are a widely-used standard and are required by many companies, as they provide essential protection and data privacy and third-party auditors are readily available.
SSAE 16 is an updated version of SAS 70 standards. SSAE 16 is more comprehensive, and while it's still possible to pursue both certifications, most IT companies are using the updated standards of SSAE 16 during audits. Secure Data Recovery Services holds regular SSAE 16 audits and used the SAS 70 standards before the revisions and updates that led to SSAE 16.
The Differences Between SAS 70 And SSAE 16 Audits
During SAS 70 audits, Secure Data Recovery Systems' data recovery engineers would be required to do the following:
- Provide information about existing IT/IS security systems.
- Show security controls that prevent unauthorized access.
- Show relevant information about electronic data transfers including FTPs.
With the revisions of SSAE 16, companies were asked to provide a demonstration of all of their systems and controls. This means that in addition to the requirements of SAS 70, companies must provide:
- Demonstrations of file transfer protocols, encryption and other tools that protect data during electronic transfers.
- Demonstrations of lab security measures that prevent unauthorized data recovery engineers from accessing data.
- A clear description of new controls and the methods that the company will use to enact those controls.
SSAE 16 generally focuses more on demonstrations than written explanations of systems. SSAE 16 auditors refer to company evaluations as attestations rather than audits due to this emphasis on an actual demonstration of security techniques.
The new SSAE 16 standards have made SAS 70 less relevant, but SAS 70 reports are still a valuable resource that can provide the necessary proof of a business's security controls to meet the requirements of HIPAA and other laws. Audits and attestations for SAS 70 and SSAE 16 standards are completed each year to show that a company is keeping up with its set standards and to show any improvements in their systems from the previous year. The auditor is typically from a third-party company, which ensures impartiality and an accurate analysis of each company's IT security systems.
After each audit is complete, the auditor will issue a report that gives a detailed analysis of IT controls, risk management procedures and other essential aspects of a company's IT security. The auditor will also give a written opinion on the measures that the company is taking to meet SSAE 16 or SAS 70 standards. A detailed auditor's report can show whether HIPAA requirements and other legal obligations are being met.
Setting Standards for IT Safety
There are a number of reasons to look into security standards and certifications before setting up a new data recovery case. If your company must follow a set of privacy or patient protection standards to comply with laws like HIPAA, SOX or FERPA, certifications are especially important.
Secure Data Recovery Services takes serious efforts to protect your data at all stages of the data recovery process. With each case, data is only accessible to trained, professional data recovery engineers with individual certifications that guarantee your privacy.
When each case is complete, data is kept on our servers for several days until it can be received and verified by our clients. After verification, our copy of your data is deleted securely via HIPAA-compliant standards.
We take every possible step to ensure that your data is kept safe and completely secure. In addition to regular audits for standards like SSAE 16 and SAS 70, Secure Data Recovery Services regularly undergoes HIPAA audits for additional certifications. Regardless of your company's security needs, our engineers can handle your recovery quickly and professionally while meeting dozens of enterprise-level IT security standards.
Knowing Your Data Recovery Provider's Qualifications
When you look for a qualified, secure data recovery company, you should ask about certifications and ask to see relevant documents such as SAS 70 auditing reports. Certifications and audits show a true commitment to data security and can provide peace of mind during the recovery process.
Unlike most data recovery companies, Secure Data Recovery Services proves its statements about data security with online documentation of all certifications, including annual SAS 70 and SSAE 16 reports from qualified auditing firms. Secure Data Recovery Services also has special high security service options for government clients.
Never trust a company with your data without proof of their privacy standards. View all of our certifications for detailed IT security information and see proof of the steps that we take to protect our clients.