Security and compliance are top priorities for Grazitti because they are fundamental to securing data, eliminating systems vulnerabilities, and ensuring business continuity. Security is a key component in our offerings and is reflected in our people, process, services, and products. Grazitti uses a variety of industry-standard technologies to secure data from unauthorized access, disclosure, use, and loss.
ISO 27001
ISO 27001 (formally known as ISO/IEC 27001:2013) is an internationally recognized information security management standard which ensures that a business has rigorous information security processes in place. ISO 27001 includes all legal, physical, technical, and organizational controls involved in an organization’s information risk management processes, with the aim of keeping information secure.
Grazitti is ISO 27001:2013 certified and is committed to identifying risks, assessing implications, and putting systemized controls in place. Achieving the certification demonstrates that Grazitti is following international information security best practices.
ISO 27701:2019
ISO 27701:2019, an extension to ISO 27001/2 for privacy information management, sets out the requirements and guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). It helps controllers and processors of Personally Identifiable Information (PII), who are accountable and responsible for PII processing.
Grazitti is ISO 27701:2019 certified and is committed to identifying risks, assessing implications, and putting systemized controls in place. Achieving this certification demonstrates Grazitti’s ability to process personally identifiable information (PII) in compliance with the applicable data privacy regulations and contractual requirements, while remaining focused on measurement and continuous improvement.
SSAE 18 SOC 1, SOC 2 Type II, SOC 3
SSAE 18, or Statement on Standards for Attestation Engagements 18/19, is a regulation developed by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) to redefine and update how service companies report on compliance controls. While the SOC 1 report focuses on a company’s internal control over financial reporting, the SOC 2 report focuses on non-financial controls such as security, availability, processing integrity, confidentiality, and privacy.
The Grazitti Service Organization Controls (SOC) Reports are independent third-party examination reports that demonstrate how Grazitti achieves key compliance controls and objectives. The purpose of these reports is to help you understand the controls that Grazitti has established to support operations and compliance. Grazitti SOC 1 and SOC 2 reports can be made available to customers upon request, whereas the SOC 3 report is publicly available and can be accessed directly at Grazitti SOC 3 report.
HIPAA
Health care privacy concerns are governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) of 2009. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirements of HIPAA. The purpose of the Privacy Rule is to establish standards with respect to the confidentiality of an individual’s protected health information or PHI by entities that are subject to HIPAA.
Grazitti is in compliance with the Privacy Rule within HIPAA Title II and exercises physical, technical, and administrative safeguards in compliance with the HIPAA Security Rule. We can sign a Business Associate Agreement (BAA) with customers who require data services to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA).