Best practice
information security standards

Learn how EPI-USE Labs protects critical and sensitive information

Labs_Coloured_blocks

Information Security Certifications

EPI-USE Labs offers innovative cloud platforms for client interaction and management of SAP® landscapes. From the beginning of the design stages, we are mindful of the trust our clients place in us with the security of our data. Accordingly, we’ve implemented best practice information security standards that include technology, processes and people to minimize the risk of security incidents.

EPI-USE Labs adopted the Information Security Management System and controls from ISO/IEC 27001: 2013 that govern the management, development and operations of our cloud platforms. To verify the proper implementation and effectiveness of our security controls, we’ve undergone multiple, rigorous independent audits by an accredited certification registrar.

Subsequently, we have been awarded ISO/IEC 27001: 2013 certification and SOC 2 assurance reports, or Service Organization Control 2. We have also decided to implement the requirements of the HIPAA/Hitech (AT-C 105 and AT-C 205) legislation.

A-LIGN_ISO_27701

About ISO27701 (Data Privacy) and ISO27017 (Cloud Hosting)

The ISO27701 standard outlines a framework to manage Personally Identifiable Information (PII). The standard is an extension of the ISO27001 and changes the Information Security Management System (ISMS) into a Privacy and Information Security Management System (PIMS). EPI-USE Labs has successfully implemented all the controls as a Data Processor and currently maintains the ISO27701 certification for Cloud Hosting, Managed Services and XCentral stack of solutions.

EPI-USE Labs has also obtained ISO27017 certification which is a further extension of ISO27001 that focuses on information security controls applicable to the provision, security and use of cloud services.

A-LIGN-ISO_27001_Logo-_New_Brand

About ISO/IEC 27001: 2013

ISO/IEC 27001: 2013 is an internationally-recognised information security management standard that ensures organisations can apply a framework to business processes to help identify, manage and reduce risks to data security. The accreditation process considers not only IT but all business operations. To meet the criteria, a company must demonstrate that it has a systematic and ongoing approach in place to manage sensitive company and customer information.

A-LIGN-SOC Badge

About SOC 2, Type 2

The SOC 2 report , or Service Organization Control 2 , addresses a service organization’s controls that relate to operations and compliance, as outlined by the AICPA’s Trust Services criteria in relation to availability, security, processing integrity, confidentiality and privacy. A SOC 2 Type 2 report includes a detailed description of the service auditor’s test of controls and results, and is an attestation that a company has designed their systems to keep clients sensitive data secure.

HIPPA_NEW_LOGO

About HIPAA/HITECH (AT-C 105 and AT-C 205)

HIPAA (Health Insurance Portability and Accountability Act of 1996) is a United States legislation that provides requirements for data privacy and security provisions for safeguarding medical records and other health information provided to health plans, doctors, hospitals and other health care providers. Similarly the Health Information Technology for Economic and Clinical Health Act (HITECH Act) was created to drive the adoption and “meaningful use” of electronic health records (EHR) technology by U.S.-based healthcare providers and their business associates. Meaningful use means healthcare providers need to show that they are using certified EHR technology in a way that can be measured in both quantity and quality.

EPI-USE Labs does not process any PHI (Protected Health Information) but may from time to time come into contact with client PHI data when performing migrations and or installing applications. We have therefore decided to implement the requirements of the HIPAA/Hitech legislation, to ensure any information that we may come into contact with is appropriately protected.

Request Reports

Please fill in your information and we'll get in touch with you.