Dedicated to offering the highest level of support and expertise, we are proud to have earned a Microsoft® Gold Partner Certification. This is a certification that represents the highest level of competence and expertise with Microsoft technologies.
The AWS Partner Network (APN) is focused on helping global APN Partners to build successful AWS-based businesses or solutions by providing business, technical, marketing, and go-to-market support. As a Select AWS Consulting Services Partner, Codero has access to advanced technical training and resources to better support our customers and help them take full advantage of all the benefits that AWS has to offer.
Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:
- Oversight of the organization
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
Similar to a SOC 1 report, there are two types of reports: A type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls.
Statement on Standards for Attestation Engagements no. 16 (SSAE 16) is an auditing standard for service organizations, superseding Statement on Auditing Standards no. 70 (SAS 70). SSAE 16 is largely an American standard, but it mirrors the International Standard on Assurance Engagements (ISAE) 3402; certification under that standard demonstrates an organization’s commitment to enhanced data security protocols, privacy protection, and internal reporting.
To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security. At the same time, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information.
The General Data Protection Regulation (GDPR) 2016/679 is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
The EU-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
Under European Union (EU) law, personal data – including your name, address or social networking profile – can only be gathered legally under specific conditions, for a legitimate purpose. Companies in the EU that collect and manage your personal information must protect it from misuse and must respect certain rights guaranteed by EU law.
The EU’s Data Protection Directive also has specific rules for the transfer of personal data outside of the EU to maintain the protection of your data when it is exported abroad.