Compliance & Certifications

Practice Protect uses the Idaptive platform, which addresses a wide range of international, country-specific, and industry-specific regulatory requirements. By providing compliant, independently verified cloud services and an extensible compliance framework, the platform enables Practice Protect to design and build services using a single set of controls to speed up and simplify compliance across a diverse set of regulations and rapidly adapt to changes in the regulatory landscape. The Idaptive Cloud is certified with SOC 2 and TRUSTe.

SOC 2 SSAE 16/ISAE 3402 Attestations

Practice Protect has successfully passed an independent audit against the rigorous SSAE 16 SOC 2 Type II standard and achieved compliance, a prestigious accomplishment showcasing Practice Protect’s longstanding commitment to securing customer data. Information security is far-reaching and ingrained in Practice Protect’s culture, and is evident from the design of the service and infrastructure to the processes and people. Furthermore, achieving compliance demonstrates Practice Protect’s dedication to its existing high security standards and its ability to quickly and effectively raise the bar and adapt to the changing information security climate.

Audits are conducted in accordance with the Statement on Standards for Attestation Engagements (SSAE) No. 16 put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) and International Standard on Assurance Engagements (ISAE) 3402 put forth by the International Auditing and Assurance Standards Board (IAASB). In addition, the SOC 2 Type 2 audit included an examination of the Cloud Controls Matrix (CCM) from the Cloud Security Alliance (CSA).

TRUSTe

Practice Protect has been awarded the TRUSTe privacy Trustmark and is Safe Harbor compliant. Practice Protect is committed to privacy and transparency. The Practice Protect Privacy Policy can be viewed here. The TRUSTe mission, as an independent third party, is to accelerate online trust among consumers and organizations globally. Through the process of achieving TRUSTe compliance, our Privacy Policy is scrutinized to ensure it is accurate with respect to our offered services, and our services are scanned for potential privacy threats, ensuring that you are receiving the expected level of privacy for your users. For more information please visit the TRUSTe website.

Safe Harbor

Practice Protect also complies with the U.S. — E.U. Safe Harbor framework and the U.S. — Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding collection, use and retention of personal data from European Union member countries and Switzerland. You can learn more about the Safe Harbor program and view our certification by visiting the Safe Harbor website.

Cloud Security Alliance Cloud Controls Matrix

Practice Protect has been audited against the Cloud Controls Matrix (CCM) established by the Cloud Security Alliance (CSA). The audit was completed as part of the SOC 2 Type 2 assessment, the details of which are included in that report. This combined approach is recommended by the American Institute of Certified Public Accountants (AICPA) and CSA as a means of meeting the assurance and reporting needs of the majority of cloud services users.

The CSA CCM is designed to provide fundamental security principles to guide cloud vendors and to assist prospective customers in assessing the overall security risk of a cloud provider. By having completed an assessment against the CCM, Practice Protect offers transparency into how its security controls are designed and managed with verification by an expert, independent audit firm.

ISO/IEC 27001:2005 Audit and Certification

Microsoft is committed to annual certification against the ISO/IEC 27001:2005, a broad international information security standard. The ISO/IEC 27001:2005 certificate validates that Azure has implemented the internationally recognized information security controls defined in this standard, including guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization.

Federal Risk and Authorization Management Program (FedRAMP)

Azure has been granted a Provisional Authority to Operate (P-ATO) from the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB).

Following a rigorous security review, the JAB approved a provisional authorization that an executive department or agency can leverage to issue a security authorization and an accompanying Authority to Operate (ATO). This will allow US federal, state, and local governments to more rapidly realize the benefits of the cloud.

FedRAMP is a mandatory U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that will save cost, time, and staff required to conduct redundant agency security assessments.

Practice Protect’s Cloud is in the process of being FedRAMP certified for the application layer.

United Kingdom G-Cloud Impact Level 2 Accreditation

In the United Kingdom, Azure has been awarded Impact Level 2 (IL2) accreditation, further enhancing Azure and its partner offerings on the current G-Cloud procurement Framework and CloudStore. The IL2 rating will benefit a broad range of UK public sector organizations, including local and regional government, National Health Service (NHS) trusts and some central government bodies, who require ‘protect’ level of security for data processing, storage and transmission.

Family Educational Rights and Privacy Act (FERPA)

FERPA imposes requirements on U.S. educational organizations regarding the use and disclosure of student education records. Educational organizations can use Windows Azure to process data, such as student education records, in compliance with FERPA. Microsoft will only use Customer Data to provide organizations with the Windows Azure service and will not scan Customer Data for advertising purposes.
