Regulatory Compliance with Secure Online Backup
Regulatory compliance has emerged in recent years as one of the most challenging issues facing businesses. From SEC Rule 17a to Sarbanes-Oxley and HIPAA, numerous legislative requirements have been introduced that dictate how electronic data is stored, retrieved and recovered.

Many companies already have document retention policies, but new rules call for even more secure methods for data backup and recovery. Even small, private companies face data backup and recovery mandates from customers and insurance providers. Organizations failing to meet these new regulatory mandates face significant penalties including large fines and prison sentences, not to mention incalculable damage to corporate reputation.
Please click on the links below to learn how Verssa Web Vault can help your organization to comply with the following acts.
SEC & NASD Compliance
The Securities and Exchange Commission (SEC) and the National Association of Securities Dealers (NASD) have instituted regulations that demand compliance surrounding the storage of financial records and electronic communications. Specifically, IT departments must implement processes that answer rules including:
- The medium upon which the financial records are stored
- The period of time the records must be stored, and
- Accessibility and retention periods of email and instant messages.

Verssa Web Vault addresses security concerns by always keeping backup data encrypted and immediately available. Detailed reporting gives regulators a clear idea of the chain of custody of the stored information, and rapid access, should it be required.

Adhering to stringent security, access, process, and redundancy safeguards, Web Vault features built-in access controls, audit logs, and an infrastructure that ensures compliance with this act.
-o-
The Gramm-Leach Bliley Act (GLB)
The Financial Modernization
Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes
provisions to protect consumers' personal financial information held by
financial institutions. There are three principal parts to the privacy
requirements: the Financial Privacy Rule, Safeguards Rule and pretexting
provisions.
The GLB Act gives authority to
eight federal agencies and the states to administer and enforce the
Financial Privacy Rule and the Safeguards Rule. These two regulations apply
to "financial institutions," which include not only banks, securities firms,
and insurance companies, but also companies providing many other types of
financial products and services to consumers. Among these services are
lending, brokering or servicing any type of consumer loan, transferring or
safeguarding money, preparing individual tax returns, providing financial
advice or credit counseling, providing residential real estate settlement
services, collecting consumer debts and an array of other activities. Such
non-traditional "financial institutions" are regulated by the FTC.
The Financial Privacy Rule
governs the collection and disclosure of customers' personal financial
information by financial institutions. It also applies to companies, whether
or not they are financial institutions, who receive such information.
-o-
Health Insurance Portability and Accountability Act (HIPAA)
For healthcare providers, maintaining PHI (Protected Health Information) accuracy, privacy, and security is not only important to remain compliant with HIPAA regulations, but also vitally important to your consumers.
HIPAA identifies three areas that covered entities must address concerning the protection of this information. Safeguards for administrative, technical, and physical security are the basis for ensuring the proper handling, access, storage, and recovery of PHI. You owe it to your customers to choose a comprehensive Data Protection solution that not only protects you, but your customers as well.
Adhering to stringent security, access, process, and redundancy safeguards, Verssa Web Vault features built-in access controls, audit logs, and an infrastructure that ensures compliance with this act.

Verssa Web Vault data backup services fulfill the requirements of the HIPAA regulations for the following rules on data integrity, authentication, contingency planning, and access and audit controls, as they relate to electronic Protected Health Information.
| HIPAA Sections | Section Numbers | Description | Verssa Web Vault Solution |
| --- | --- | --- | --- |
| Contingency Plan | 164.308(a)(7)(i), 164.308(a)(7)(ii) | Standard: Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information. Implementation specifications: (A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data. | Web Vault provides a complete, secure solution for the backup, retention and recovery of data. In the event of an emergency, disaster, or other outage, exact copies of your data are recoverable instantly using the Web Management Console. In addition, Web Vault offers continuous data replication from the primary facility to another offsite world-class data center. |
| Authentication | 164.312(d) | Standard: Person or entity authentication. Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. | Web Vault users are authenticated by a username and password, so only authorized individuals have access to sensitive data. Information is backed up and encrypted using 256-bit AES encryption. Data remains encrypted, and only authorized personnel on the client side hold the key to decrypt it. Web Vault never has access to your passwords or encryption key. |
| Access Controls | 164.312(a)(1) | Standard: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in Sec. 164.308(a)(4). | With Web Vault software, data access is controlled by centrally managed policies, so only authorized individuals have access to sensitive data. In addition, Web Vault online backup services can only be accessed via a secure web portal with an authorized username and password. 256-bit AES data encryption and 128-bit SSL protect against theft of credentials and help provide a secure and accurate audit trail. |
| Audit Controls | 164.312(b) | Standard: Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. | Web Vault allows for logging of data backup, deletion, and recovery activities, which can be monitored through a centralized management tool. Logs can be generated at multiple levels of detail and retained according to client needs. |
| Data Integrity | 164.312(c)(1), 164.312(c)(2) | Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction. Implementation specification: Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner. | Web Vault performs a cyclic redundancy check (CRC) to ensure that what was sent is what was received at our data centers. To ensure the highest level of data security, small files and delta blocks of data are first compressed and then encrypted with up to AES-256. Data remains encrypted in flight and at rest; backup data is decrypted only by the client, at its local site, after it has retrieved the encrypted data. |
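The Authentication and Data Integrity rows describe a client-side pipeline: data encrypted with AES-256 under a key that never leaves the client, plus a CRC confirming that what was sent is what arrived. The Go program below is an added illustration of that pipeline, not Verssa's code; the chunk format, function names and sample record are assumed, and the compression step is left out. It shows why the keyless CRC is only a transport check, while the AES-256-GCM authentication tag is the mechanism that actually corroborates the data was not altered, as 164.312(c)(2) asks.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"hash/crc32"
	"io"
)

// Chunk is one uploaded unit: nonce||AES-256-GCM output, plus a CRC32 over those
// bytes so the data center can spot transport damage without holding the key.
type Chunk struct {
	Data []byte
	CRC  uint32
}

// NewAEAD builds the client-side cipher. A 32-byte key selects AES-256, and
// with that key size neither constructor can fail, so their errors are dropped.
func NewAEAD(key *[32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:])
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Seal encrypts one block (already compressed, in the page's pipeline) under a
// fresh random nonce and appends the transport CRC.
func Seal(aead cipher.AEAD, plain []byte) (*Chunk, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	data := aead.Seal(nonce, nonce, plain, nil) // nonce || ciphertext || tag
	return &Chunk{Data: data, CRC: crc32.ChecksumIEEE(data)}, nil
}

// VerifyCRC is the key-less receipt check; it catches accidental damage only,
// since anyone who can change the bytes can recompute the CRC.
func VerifyCRC(c *Chunk) bool { return crc32.ChecksumIEEE(c.Data) == c.CRC }

// Open runs at the client. The GCM tag rejects any altered byte, deliberate
// or not, which is what "corroborate ... not altered" actually requires.
func Open(aead cipher.AEAD, c *Chunk) ([]byte, error) {
	n := aead.NonceSize()
	if !VerifyCRC(c) || len(c.Data) < n {
		return nil, errors.New("chunk damaged in transit")
	}
	return aead.Open(nil, c.Data[:n], c.Data[n:], nil) // error: wrong key or tampering
}
```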
-o-
Sarbanes-Oxley (SOX)
The Sarbanes-Oxley (SOX) Act of 2002 legislates how long and the manner in which companies store their financial records. Created largely in response to the Enron and WorldCom scandals, SOX is designed to safeguard against accounting errors and other illegal financial activities. SOX specifically states that electronic records and messages (email/IM) must be saved for at least five years to ensure that auditors and other regulators can easily obtain requested documents. Adhering to stringent security, access, process, and redundancy safeguards, Verssa Web Vault features built-in access controls, audit logs, and an infrastructure that ensures compliance with this act.

Verssa Web Vault data backup services fulfill the requirements of the Sarbanes-Oxley Act for the following rules on the storage and management of electronically stored data:
| SOX Sections | Section Numbers | Description | Verssa Web Vault Solution |
| --- | --- | --- | --- |
| Length of Record Retention | 103(a)(2)(A)(i) | Prepare and maintain, for a period of not less than 7 years, audit work papers and other information related to any audit report, in sufficient detail to support the conclusions reached in such report. | Web Vault ensures the retention and archiving of audit-related report documents and materials through a centralized Backup Management Console. |
| Production of Records | 105(b)(2)(B) | Require the production of audit work papers and any other document or information in the possession of a registered public accounting firm or any associated person thereof, wherever domiciled, that the Board considers relevant or material to the investigation, and may inspect the books and records of such firm or associated person to verify the accuracy of any documents or information supplied. | Web Vault provides reliable recoverability of data from anywhere at the touch of a button. Controlled by policies set by clients, changes to records can also be captured and made available for subsequent restore. With significant advantages over tape-based solutions, restores using Web Vault online backup are simple and speedy. |
| Retention of Complaints | 301(4)(A) | The receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters. | Web Vault provides for the retention of those relevant records contained on file/database servers. |
| Internal Controls | 404(a)(1) | State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting. | Web Vault provides the features necessary to ensure that the right data is backed up at the right time, securely, and with the ability to recover information that has been lost, destroyed, or corrupted. Web Vault facilitates every step in this process, to maintain business continuity even in the wake of a disaster. |
| Record Alteration or Destruction | 802(a) | Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both. | Web Vault stores all data securely and offsite; data is replicated locally and to redundant offsite world-class data centers. Data access is controlled by centrally managed policies, so only authorized individuals have access to sensitive data. |
| Type of Business Record and Electronic Communications Requiring Storage (optional) | 802(a)(2) | The Securities and Exchange Commission shall promulgate, within 180 days, such rules and regulations, as are reasonably necessary, relating to the retention of relevant records such as work papers, documents that form the basis of an audit or review, memoranda, correspondence, communications, other documents, and records (including electronic records) which are created, sent, or received in connection with an audit or review and contain conclusions, opinions, analyses, or financial data relating to such an audit or review. | Using Web Vault, all required file types can be backed up, archived, and restored. Using our SELECT version, you can restore multiple versions of data down to the file and folder level. |