As a cloud-based solutions vendor, TrackVia primarily delivers its enterprise-grade service via distributed third-party data center providers located in the United States. Our security processes, procedures, technologies and controls reflect both the internal security practices of TrackVia, as well as those of the third-party data centers we utilize to deliver our service to customers.
TrackVia understands that our customers are subject to varying compliance and regulatory obligations. In order to effectively meet our customers’ needs, TrackVia’s engineering and operations group has created a security, governance and risk management framework of policies, procedures and standards that draws on many areas. Our policies, procedures and standards are based on aspects of the following control specifications:
• ISO/IEC 27000 series
• NIST 800-53
• Information Technology Infrastructure Library (ITIL)
• Health Insurance Portability and Accountability Act (HIPAA) Security Rule
• Federal Information Security Management Act (FISMA)
• Gramm-Leach-Bliley Act (GLBA) Interagency Guidelines
• Payment Card Industry (PCI) Data Security Standard v2.0
• Trust Services Principles and Criteria
Often, our customers have requirements above and beyond what our standard process or product offerings provide. In these situations, TrackVia will work with you, our customer, to tailor products or processes where possible and develop an ideal solution that is centered around you.
TrackVia’s data center operations obtain independent auditor reports and certifications annually. These provide our customers and their auditors the information on the design and operating effectiveness of TrackVia’s operational controls that is likely to be relevant to our customers’ internal control systems. These reports are available upon request. The independent auditor reports or certifications that TrackVia receives itself or via its third-party data-center providers include:
TrackVia’s data-center provider, ViaWest, has obtained a Service Organization Controls 1 (SOC 1), Type II report. The audit for this report is conducted in accordance with the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) professional standards. This dual-standard report is specifically intended to meet the needs of ViaWest customers and their auditors, as they evaluate the effect of the controls at ViaWest on their financial statement assertions. The SOC 1 report attests that ViaWest’s control objectives are appropriately designed and operating effectively. This report is available for ViaWest customers via the MySupportal portal.
In addition to the SOC 1 report, TrackVia’s data-center provider, ViaWest, obtains a Service Organization Controls 2 (SOC 2), Type II report. Like the SOC 1, the SOC 2 report is an attestation report that evaluates controls, in this case against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. These principles define leading practice controls relevant to security, availability, processing integrity, confidentiality and privacy applicable to service organizations. The SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the criteria for the security and the availability principles set forth in the AICPA’s Trust Services Principles criteria. This report provides additional transparency into security and availability controls based on a predefined industry standard of leading practices and further demonstrates commitment to providing customers with assurance, confidence and transparency. This report is available upon request.
In addition, TrackVia’s data-center provider, ViaWest, has earned a SOC 3 report, which is a Trust Services Report (Trust Services Principles, Criteria, and Illustrations) specifically designed to meet the needs of customers and potential customers who want assurance about ViaWest controls related to one or more of the Trust Services Principles (security, availability, processing integrity, confidentiality, or privacy) but do not need the level of detail provided in a SOC 2 Report. ViaWest’s SOC 3 report on the Security and Availability Trust Services Principles is available upon request.
TrackVia and its data-center provider, ViaWest, do not store, transmit, or process electronic Protected Health Information (ePHI). Additionally, ViaWest engaged Coalfire Systems, a leading IT Governance, Risk and Compliance firm, to conduct an independent assessment of the physical components of ViaWest’s Colocation and Managed Service hosting offerings for compliance with the physical security-related safeguards associated with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, as well as the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. This assessment report applies to ViaWest’s Cornell, Synergy Park, DeLong and Arapahoe facilities and is available upon request.
US-EU Safe Harbor is a streamlined process for US companies to comply with the EU Directive 95/46/EC on the protection of personal data. The process was developed by the US Department of Commerce in consultation with the EU. The Safe Harbor Principles are designed to prevent accidental information disclosure or loss. TrackVia and its data-center partner annually re-register and adhere to the program. These achievements demonstrate commitment to processes and standards that enable us to maintain the governance and security controls our customers need to help meet their regulatory obligations. By having a dedicated compliance department, we believe we are uniquely qualified to provide high-quality services to our customers.