DriveSavers undergoes annual security audits on its perimeter and network systems. These audits are conducted by a team of independent information security and technology consultants from WIRED Security, Inc., to ensure that adequate controls and safeguards are in place for safely hosting data belonging to our customers. A thorough review of our Business Continuance Plan, Information Security Policy and the recently completed SOC 2 Type II audit documentation is also performed.
DriveSavers has deployed a full “Defense-in-Depth” network. All hardware and software used by DriveSavers has multiple industry certifications including, but not limited to NIST, NEBS level 3, ICSA, NSS and FIPS. The DriveSavers Data Recovery computing network environment (as tested) has an excellent ability to avoid information security breaches.
DriveSavers undergoes these audits annually. The results of our most recent and up-to-date audits can be found here.
At the heart of our certified secure data recovery environment is a “defense-in-depth” network, verified in our SOC 2 Type II auditing process to be “a formidable defense” for the information and data that it hosts.
—Michael Hall, CISO, DriveSavers
Benefits of Working with an SOC 2 Type II Audited Data Recovery Service Provider
By posting proof that DriveSavers undergoes a company-wide audit on an annual basis, it differentiates itself from all other data recovery service providers in the industry today. This audit verifies our qualifications to handle enterprise-class recoveries, and support those customers who must maintain compliance with data privacy and data security regulations, such as:
- NIST (National Institute of Standards & Technology) SP 800.34 (Rev.1)
- HIPAA (Health Insurance Portability and Accountability Act)
- FERPA (Family Educational Rights and Privacy Act)
- SOX (Sarbanes-Oxley Act of 2002)
- GLBA (Gramm-Leach-Bliley Act of 1999)
An annual audit guarantees our customers and partners that only authorized data recovery engineers have access to their personal and confidential data. Once the recovery process is complete, data is stored on our secure network until the integrity of the recovered data is verified. Custom solutions are offered for recoveries on encrypted files and drives. Data is protected during transit to and from our facility. Should instant access of the recovered data be required, data is transmitted via a secure FTP site. Secure and permanent data destruction is available upon request.
An annual SOC 2 Type II audit is mandated by many of our data recovery customers:
- Publicly-traded companies who must comply with the Sarbanes-Oxley Act of 2002 through a SOX audit for SOX compliance
- Companies with legally-protected customer information, such as financial institutions
- Businesses that must protect health information (HIPAA)
- Universities with protected student information (FERPA)
- Loan originators and credit rating agencies and their providers (FCRA, GLBA)
- Providers of services involving eCommerce (WebTrust, PCI)