Together, we meet GLBA, SOX, FACTA, FERPA and FISMA compliance standards.
Reduce Risk with Compliant Hosting Solutions Maintained and Audited with Stringent Physical, Technical, and Administrative Measures.
Choose the most reliable and secure hosting solution to address your specific regulatory requirements at OnRamp. If you maintain mission critical or highly personal data, we help identify and implement measures for data confidentiality, availability, and integrity. Our partnership offers fully-compliant products and operational processes that maintain compliance and documentation for audits.
In addition to HIPAA and PCI compliant hosting solutions, OnRamp’s high security hosting is used by companies needing to comply with the following regulatory frameworks:
Gramm Leach Bliley Act (GLBA)
GLBA Hosting for Financial Institutions.
OnRamp works with customers to meet the GLBA Data Protection Rule and subsequent safeguards to:
- Ensure the security and confidentiality of customer records and information
- Protect against any anticipated threats or hazards to the security or integrity of such records
- Protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to take steps to ensure the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, and income and credit histories. The GLB Act specifies that, to ensure the security and confidentiality of customer records and information, organizations must establish appropriate standards.
SOX Compliant Hosting for Publicly Held Companies
With OnRamp, you can ensure compliance with Sarbanes-Oxley standards. The Sarbanes-Oxley (SOX) Act of 2002 requires that publicly held companies implement adequate controls to safeguard financial data, operations, and assets.
SOX sets requirements in terms of data protection, vulnerability testing, and auditing data integrity. SOX not only affects the financial side of corporations, but also IT departments charged with storing a corporation’s electronic records. The act is not a set of business practices and does not specify how a business should store records; rather, it defines which records should be stored and for how long.
SOX states that all business records, including electronic records and electronic messages, must be saved for “not less than five years.” The consequences for noncompliance are fines, imprisonment or both.
Section 802 of Sarbanes-Oxley contains the three rules that affect the management of electronic records. The first rule deals with the destruction, alteration or falsification of records, and the resulting penalties. The second rule defines the retention period for records storage. The third rule refers to the type of business records that need to be stored, including all business records and communications, including electronic communications.
The Fair and Accurate Credit Transaction Act (FACTA)
FACTA Hosting for Financial Institutions and Creditors.
OnRamp’s FACTA compliance hosting solutions employ compliance-critical hardware and a suite of managed security services to deliver the highest levels of proactive detection and protection to ensure the confidentiality, availability and integrity of your data.
The Fair and Accurate Credit Transaction Act (FACTA) of 2003 requires any business that extends credit to consumers to protect those consumers from identity theft. The Act stipulates requirements for information privacy, accuracy and disposal and limits the ways consumer information can be shared.
The Family Educational Rights and Privacy Act (FERPA)
FERPA Compliant Hosting for Educational Agencies
With deep experience in helping companies across industry verticals, OnRamp has the most secure compliant hosting solutions to meet FERPA’s rules and regulations associated with protecting sensitive data.
The Family Educational Rights and Privacy Act (FERPA) of 1974 is a U.S. privacy law designed to protect student records, including personally identifiable information (PII) with administrative, physical and technical safeguards.
FERPA allows for educational agencies and institutions to use third-party cloud and/or IT infrastructure providers, like OnRamp, for the outsourcing of information technology functions including the storage of education records.
The Federal Information Security Management Act (FISMA)
FISMA Compliant Hosting for Government Agencies
Relying on OnRamp, you’ll comply with the technical and operational controls issued by the National Institute of Standards and Technology (NIST) that meets the framework defined by FISMA.
The Federal Information Security Management Act (FISMA), enacted in 2002, recognized the importance of information security to the economic and national security interests of the United States. FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
FISMA assigns specific responsibilities to federal agencies, the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to strengthen information security systems. In particular, FISMA requires the head of each agency to implement policies and procedures to cost-effectively reduce information technology security risks to an acceptable level.
According to FISMA, the term information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability. The FISMA security framework provides the common standards agencies require to outsource critical applications to external data centers.