enVault Online Backup
What is SAS 70?
SAS 70 is an accounting standard developed by the American Institute of Certified Public Accountants. During an audit, a third party evaluates a service organization's internal controls and security standards. When an independent auditor conducts the review, they verify that the proper operational controls, procedures, and risk assessments are in place.
SAS 70 audits controls over information technology and processes related to sensitive data, such as health information and personally identifiable information. The audit process is ongoing; third-party evaluations are regularly scheduled to ensure continued compliance.
How does it work?
enVault is a secure online data backup SaaS application that encrypts each file using 256-bit AES encryption. When you first install and configure the enVault service, you choose a 48-character string that is then converted into a 256-bit encryption key. Only you have access to this encryption key. It is never transmitted over the Internet and it is never stored on our servers. This means that only you can access your online backup files. Each file that you back up is encrypted using this key and remains encrypted until you restore it and it returns to your computer.
How strong is 256-bit AES encryption? Well, let's put it this way. In June 2003, 256-bit AES was approved by the United States National Security Agency (NSA) for use in encrypting U.S. government documents classified "TOP SECRET." That is security you can be confident in.
Trust your data with the ONLY SAS-70 certified backup provider in the tri-county area.
Businesses Are Culpable for Third Parties
In addition, businesses are culpable for the security practices of any third-party vendors that may have access to the PII of their clients. Companies take "reasonable steps" to select third-party service providers that maintain appropriate security measures.
EnVault employs these strict security measures. EnVault encrypts the data we store twice – both in storage in our mirrored data center and in transit. Even before data is transported to our mirrored data centers, it is encrypted using 256-bit AES security – the same stringent level of security that online banking institutions use.
A First in Data Security Law
The nation's most stringent data security law, the Massachusetts Data Protection Regulation (MA 201 CMR 17), is now in effect. For the first time ever, a government body has mandated the use of a specific technology to enforce privacy regulations. Massachusetts (along with Nevada, which recently passed a similar law) requires that businesses encrypt all transmitted personally identifiable information (PII) of their customers.
This law applies not only to Massachusetts businesses; it applies to any firm conducting business with any resident of Massachusetts, including third-party vendors. In effect, any company that wants to sell anything to a resident of the nation's 13th largest economy must adopt these measures.
Why is SAS 70 important?
SAS 70 is recognized as one of the most stringent auditing standards for service organizations. A successful audit verification ensures that the company has well-designed and effective controls in place to ensure the accuracy of transactions and privacy of the data being stored and transmitted.
Organizations that provide services to healthcare companies are often asked by their clients to have a SAS 70 audit conducted to ensure that an independent party has examined the controls over the processing of sensitive healthcare information.
A SAS 70 certification is used by customers, prospective customers, and investors to gain an understanding of the control environment of outsourcing companies.
Who is certified?
Not all service providers are SAS 70 certified. With our company, you can be assured that your data is both safe and secure now and in the future.