Compliancy

The Élan Secure Cloud platform provides Media Services’ customers with the control mechanisms and high level certifications needed to address a wide range of compliance requirements. All data-center compliance examinations are conducted by an independent, licensed CPA firm, QSA, and accredited ISO 27001 certification body by ANSI-ASQ National Accreditation Board (ANAB).


AICPA logo

SOC1 and SOC2 are attestation standards issued by the American Institute of Certified Public Accountants (AICPA) that addresses examination engagements for service providers.

Each year, an external auditing firm completes SOC1/SOC2 Type 2 reviews of all Élan managed data centers. The report provides our customers with assurance of corporate controls, including security and environmental compliance, and validation of Media Services’ commitment to the most stringent standards of excellence in our data center operations.

Links:
ISO/IEC logo

The ISO/IEC 27001:2013 certification is one of the most stringent certifications for information security controls, and confirms the information security controls and other forms of risk treatment are in place to detect and defend against potential data system vulnerabilities.

Élan Secure Cloud data centers have achieved the International Organization for Standardization certification (ISO 27001) covering both corporate policies and procedures. This prestigious, internationally-recognized certification reflects our commitment to provide Media Services’ customers around the globe with secure, reliable, and high-performance hosting solutions.

Links:
PCI Compliant logo

The Payment Card Industry Data Security Standard (PCI-DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is administered by the Payment Card Industry Security Standards Council.

Media Services Group (MSG) maintains strict adherence to PCI-DSS standards used in the housing and processing of payment card activities. An external assessment is completed each year by a Quality Service Assessor (QSA) to validate Élan hosting compliance with the Payment Card Industry (PCI) Data Security Standards (DSS). The scope of this assessment includes physical security and related policies at our managed data center facilities. Media Services also completes external vulnerability assessments by an Approved Scanning Vendor (ASV) quarterly.

Links:
ITIL logo

ITIL is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. ITIL requires extensive documentation, certified staff, and alignment with industry best practices.

All Elan operations are aligned with the Information Technology Infrastructure Library (ITIL) framework to ensure efficient, best-practice integration of IT services with our customers business needs. All Élan data-centers maintain ITIL certified staff from Foundations through Expert to ensure proper IT Service alignment, optimizations and operates under the most recent version, ITIL v2011.

Links:
ntis logo

NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA).

Élan Secure Cloud infrastructure is built upon security and NIST standards that meets or exceeds FBI, State Identification Bureaus as well as the Criminal Justice Information Services (CJIS) Security Policy mandates. Alignment to NIST 800-53 is performed within Media Services at all levels, from the requirements to use FIPS standards to the physical access requirements for data center access.

Links:
ntis logo

The EU-US Privacy Shield is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. One of its purposes is to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens.

The Élan Secure Cloud operates and fully conforms to the EU-US Privacy Shield framework ensuring that customer data is correctly maintained and handled, proper notification and privacy protections are in place and data sovereignty is enforced.

Links:
ntis logo

Information Commissioners Office or ICO maintains the privacy rights and protections for entities operating within the United Kingdom (UK). ICO requires that organizations operating within the UK conform to privacy and data protection regulations

Full registration is maintained by Media Services Group.

Links:
ntis logo

The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.

In May 2018, GDPR, a new European Union-wide data protection regulation, comes into effect. U.S.-based companies with offices in the EU or that have users/customers in the EU must comply with GDPR. The Media Services Group is fully committed to ensuring adherence of the Élan Secure Platform under the GDPR regulations. As the May 25 deadline approaches, Élan customers will need to determine how much progress they are making toward meeting the new requirements. The following links are provided to assist with your GDPR preparations;

Links:

Model Contract Clause Offering

To ensure compliancy with data sovereignty requirements, Media Services can provide Model Contract Clauses for the contractual movement of data between EU customers (Controllers) and Élan Secure Data-Centers in the US (Processor), ensuring that the movement of data conforms to EU regulations and requirements.


s