Connectria Hosting’s Compliance Journey with KirkpatrickPrice

by Sarah Harvey / March 2nd, 2017

Who is Connectria?

Founded in 1996, Connectria is a leading provider of cloud hosting and managed services. With customers in over 30 countries around the globe, Connectria ensures the ongoing availability, performance and security of customer applications in the cloud. Connectria’s comprehensive managed services and experience include the widest range of technologies in the industry and are available on a 24/7 basis no matter where customer applications and data reside. This includes Connectria’s data centers as well as remote management via customer data centers and third-party clouds such as Amazon Web Services and Microsoft Azure.

How valuable is security to Connectria?

Security is a hallmark of Connectria and core to everything we do. Our customers’ businesses and livelihood depend upon Connectria safeguarding their applications and data. Security is a big part of what our customers are buying from us and why they regard us as the experts. Additionally, many of our customers are subject to regulatory compliance and rely upon Connectria to help them achieve and maintain compliance.

Connectria invests heavily in security and compliance and annually undergoes third-party audits to adhere to the highest levels of standards. This includes SSAE16 (SOC1, SOC2), HIPAA/HITECH, PCI DSS, Sarbanes-Oxley (SOX), FISMA and EU-US Privacy Shield, with plans for HITRUST and FedRAMP.

Connectria is committed to delivering the best security services in the industry through our world-class 24/7 Security Operations Center (called SOCTRIA) and dedicated compliance support team for our customers.

Why did Connectria pursue FISMA, PCI, and HIPAA compliance?

The reputation of our customers is very important to Connectria. Security breaches are a constant threat faced by all companies. Data and processes are stored and managed more than ever by cloud service providers. Meeting FISMA, PCI and HIPAA regulatory compliance standards provides our customers the confidence that it’s safe to do business with Connectria.

How do you feel about the auditing process?

No one enjoys or looks forward to a visit from their examiner. It can be a distraction from our normal business of supporting customers; however, Connectria realizes these audits ultimately improve our services and business. Rather than viewing our audits as a given point-in-time, Connectria views security and compliance as an ongoing effort. As such, any audit is merely a review and validation of a continual evolution and commitment which already exists within Connectria.

KirkpatrickPrice has made these events more efficient with the tools and partnership mentality that they bring to the table. The online portal that allows us to combine all of the questions from all of the audit disciplines that we require has made this effort quicker, easier, and more engaging. The KirkpatrickPrice team has become an extension of the Connectria team throughout each exam effort. This harmonization is important for minimizing duplication of effort for any organization that must demonstrate compliance in multiple audit disciplines.

What is the most difficult part of the audit process?

What used to be difficult has become easier after incorporating the KirkpatrickPrice portal into our processes.  The coordination of evidence gathering, resource scheduling, and effort of work has slowly become a team effort.  Year over year, we continue to grow and improve our auditing processes. Connectria has been able to create repeatable automated processes for vulnerability management, evidence gathering, and monthly reporting after engaging with KirkpatrickPrice.

What have you learned from each of your audit processes?

We have learned that planning for the audit is just as critical as managing the risk. Planning requires a significant amount of judgment, and the decisions made in planning are critical to the effectiveness and efficiency of an audit. The principles involved in the identification of risk and determination of in-scope services are the same for all of our audit disciplines. Therefore, planning performed on an integrated basis helps to achieve the objective of an integrated audit and eliminates redundancy.

Why should your customers care about your compliance?

Risk of non-compliance for customers is significant. Any breach in compliance may result in expensive fines and damage to a customer’s reputation. Our customers subject to compliance rely upon Connectria’s expertise to mitigate this risk. They are not experts themselves and would rather focus upon their core business.

An effective compliance program gives our customers the assurance and comfort they require. By undergoing annual audits, Connectria is able to present a reliable health picture of the organization to our customers. Compliance is a benefit of audits achieved through internal controls that prevent, detect and respond to security events. Strengthening the compliance and security program integrity of an organization through an audit reduces risk.

These audits allow Connectria to hold itself to the same standards and accountability as our customers.  As long as the services we provide our customers are compliant, then our customers know we are committed to protecting their data as if it were our own.

About Connectria Hosting

Since 1996, Connectria has provided award-winning cloud hosting, remote monitoring and cloud security for more than 1,000 customers in over 30 countries worldwide. At the core of Connectria is our No Jerks Allowed® company philosophy. As The Jerk Free Company®, we’ve established a unique culture where every employee goes “the extra mile” to take care of our customers. Being The Jerk Free Company® extends beyond our people too. We make it easy to do business with us through flexible terms, scalable solutions and straightforward pricing to serve the technology needs of large and small organizations alike.