In today’s global economy, service organizations and service providers must prove they have adequate safeguards when hosting or processing data belonging to their customers.

We have been certified by leading standards bodies and technology partners as being able to consistently deliver high-quality solutions across a range of applications. These certifications are further proof that you can count on Data Return.

 
SAS 70 Type II Certified

Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or examination is widely recognized because it represents that a service organization has been through an in-depth audit of its control activities, which generally include controls over information technology and related processes. In today’s global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.

Data Return has successfully achieved a SAS 70 Type II certification with an unqualified opinion in each of its data center and corporate office locations. This certification represents that Data Return has had its control objectives and control activities examined by an independent accounting and auditing firm and has demonstrated there are adequate controls and safeguards in place over information technology and related processes used to host and process data belonging to customers. This Type II certification not only includes Data Return’s description of controls, but also includes detailed testing of the organization’s controls over a specified period of time.

Data Return’s SAS 70 Type II certification shows that we have had our control objectives and activities verified by outside experts and that we meet these high standards. Our systems also meet the requirements of Section 404 of the Sarbanes-Oxley Act, making it easier for you to support your Sarbanes-Oxley reporting requirements.

More information
//  About SAS 70

 
HP SP Signature Certified, Hosting Service

HP’s SP Certification program provides confirmation and recognition in the industry that a Service Provider (SP) is able to consistently deliver reliable services to a defined standard based upon industry best practice. The criteria employed during the assessment phase represent a very high standard of service infrastructure and have been drawn from a combination of HP’s extensive experience in the design and support of enterprise-level business-critical solutions, and industry best practices such as IT Infrastructure Library (ITIL).

Two levels of certification are offered: SP Certified, based on an assessment of the IT infrastructure used to deliver a named service; and SP Signature Certified, based on an end-to-end assessment of all relevant IT infrastructure and service management practices involved in the delivery of the named service. Data Return has held Signature Certified status since the inception of the HP SP certification program.

More information
//  SP Certification at a glance

 
Microsoft Gold Certified Partner, Hosting & Application Services

The Microsoft Gold Certified Partner Program was created to provide recognition to companies providing Hosting & Application Services that, through the program’s certification process, have demonstrated a consistent, high-quality delivery of solutions built on Microsoft technology and the .NET Framework. The program only awards certification status for those specific hosted or application services that meet eligibility qualifications, proven service quality, and operational readiness benchmarks. Data Return has met these standards since the inception of the Gold Certified program.

 
VISA CISP

When customers offer their bankcard at the point of sale, over the Internet, on the phone or through the mail, they want assurance that their account information is safe. That’s why Visa USA has instituted the Cardholder Information Security Program (CISP). Mandated since June 2001, the program is intended to protect Visa cardholder data—wherever it resides—ensuring that members, merchants and service providers maintain the highest information security standard.

CISP compliance is required of all merchants and service providers that store, process or transmit Visa cardholder data. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. To achieve compliance with CISP, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard, which offers a single approach to safeguarding sensitive data for all card brands. This Standard is a result of a collaboration between Visa and MasterCard and is designed to create common industry security requirements, incorporating the CISP requirements. Other card companies operating in the U.S. have also endorsed the PCI Data Security Standard within their respective programs.

Using the PCI Data Security Standard as its framework, CISP provides the tools and measurements needed to protect against cardholder data exposure and compromise across the entire payment industry.

More Information
//  CISP Overview (PDF)
//  PCI Data Security Standard (PDF)

 
Safe Harbor

The European Commission’s Directive on Data Protection went into effect in October 1998, and would prohibit the transfer of personal data to non-European Union nations that do not meet the European "adequacy" standard for privacy protection. While the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union. The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self-regulation. The European Union, however, relies on comprehensive legislation that, for example, requires creation of government data protection agencies, registration of databases with those agencies, and in some instances prior approval before personal data processing may begin. As a result of these different privacy approaches, the Directive could have significantly hampered the ability of U.S. companies to engage in many trans-Atlantic transactions.

In order to bridge these different privacy approaches and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce, in consultation with the European Commission, developed a "safe harbor" framework. The safe harbor, approved by the EU in 2000, is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. Certifying to the safe harbor assures that EU organizations know that Data Return provides "adequate" privacy protection, as defined by the Directive.

More Information
//  Safe Harbor Overview
 