Online Tech Audit Confirms its Data Centers and HQ are Compliant with ISO 27001

Online Tech has announced that following a five-month process of audits by NSF International, all five data centers and its Ann Arbor, MI headquarters have been confirmed as compliant with ISO 27001.

ISO 27001 sets rigorous standards for an Information Security Management System (ISMS) to ensure all sensitive information is properly managed and remains secure at all times. ISO 27001 covers the implementation of the ISMS, its maintenance, and the policies and procedures that ensure continuous improvements are made and high standards are maintained.

ISO 27001 sets standards for assessing risk, which are tailored to each organization, and requires in-depth risk management processes covering people, processes, and IT systems. Those risks must be managed and reduced to a low and acceptable level.

In order to pass the audits and be certified as compliant, Online Tech’s ISMS was required to meet the minimum standards across 14 specific controls, which the company did without any exceptions or corrective actions at all 5 data centers and headquarters. Those controls include the information security policy, risk assessment and risk management process, security objectives, providing evidence of the competence of information security staff, documentation checks, planning and control, the results of the risk assessment and risk management decisions, information security monitoring and measurement, and top management reviews of the ISMS.

In addition to being certified as ISO 27001 compliant, the company is also compliant with the Health Insurance Portability and Accountability Act (HIPAA), PCI DSS, SOC1/SOC2, and the EU-US Privacy Shield.

“Online Tech has always had a focus on a culture of compliance, and we believe this audit will make a huge difference to our customers,” said Jason Yaeger, Online Tech Security Officer and VP of Business Development and Strategic Solutions. “They trust us to keep their data secure and compliant, and this is just one more example that by hosting their data with us, clients can prove to their own end users that their data is well protected.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.