A key factor for a software vendor choosing a SaaS platform provider is to verify which regulations the provider can prove compliance with. After all, if your customers require compliance with HIPAA, PCI DSS, FDIC requirements or another regulation, the platform on which your software runs must also meet those requirements. Another important point is SSAE 16 SOC reporting: a SOC 1 report attests whether the provider has sufficient controls in place over financial information, evaluated against professional accounting and auditing standards (where the question is security rather than financial reporting, the SOC 2 report, which covers security, availability, processing integrity, confidentiality and privacy controls, is the one to ask for).
To be certain, check whether your SaaS partner has undergone an independent security audit that confirms not only that its hardware and software infrastructure is compliant, but also that it maintains the tools, training and documentation needed to stay compliant on an ongoing basis. Do not take the provider's word for it: request the outside auditor's report itself and read it. Confirm that the services you will actually use fall within the audited scope, that the report period is recent, and that any exceptions the auditor noted have been remediated.
A stringent compliance assessment by an outside firm of a SaaS provider’s platform and its supporting services typically covers the following critical areas:
- Administrative safeguards
- Physical safeguards
- Technical safeguards
- Organizational policies, procedures, and documentation
- The breach notification process
Demonstrating compliance with the regulations that apply to your industry means the SaaS provider understands the relevant security requirements, can prove that it meets them, and can protect confidential information. Keep in mind that the attestation covers the provider's controls within the audited scope; the controls in your own application, and how it handles customer data on that platform, remain your responsibility. A provider that can prove compliance also often has a long track record of serving your vertical, which is another useful signal when choosing a strategic partner.
To find out how Logicalis can help your organization evaluate the compliance of your SaaS platform and better leverage the cloud to increase revenues, improve margins and enhance customer experiences, visit http://www.us.logicalis.com/microsites/cisco-isv/.