Compliance Services

IDrive® BMR helps organizations stay compliant with federal regulations

Businesses today have to meet compliance mandates to maintain and demonstrate controls while managing electronic data. Regulations in various industries relating to confidentiality, industry portability and preservation of records compel organizations to implement processes that support data backup and recovery objectives.

IDrive BMR continues to address high compliance standards associated with data privacy, safekeeping and access.

SSAE 16

Statement on Standards for Attestation Engagements (SSAE) 16 is an auditing standard for service organizations, superseding SAS 70, which IDrive previously maintained. IDrive has completed the necessary audits and can provide supporting documentation to demonstrate that it meets the standards defined by SSAE 16.

SSAE 16 reporting can help service organizations comply with several regulations, such as Sarbanes-Oxley (Section 404), to show effective internal controls covering financial reporting. IDrive can also assist companies within the medical, accounting and legal professions to comply with regulatory standards including the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLBA), Securities and Exchange Commission (SEC), and Financial Industry Regulatory Authority (FINRA).

More information on how IDrive helps its customers comply with different regulatory standards can be found on IDrive BMR's Compliance Page.

IDrive® Security

IDrive addresses data security and privacy concerns by employing a robust security model that manages your data when stored on the BMR device and during cloud replication to the IDrive cloud account. Security measures include encrypted data transmission and storage, restricted physical access, and password protection safeguards, among several layers of security used to protect customer data.

Transmission

Your data is encrypted during transfer from your local BMR device to the IDrive cloud using 128-bit SSL. IDrive BMR servers reside in world-class data centers, which provide Service Organization Control (SOC) approved data protection services. All transmitted data is automatically verified during every backup.

Storage / Encryption

Data files are encrypted when stored on the BMR server and on the IDrive cloud account using AES 256 CCM encryption. Your data is also encrypted during transfer to the cloud account. Data resides on RAID-protected, industry-leading NAS / SAN storage devices with multiple levels of redundancy and is available for online restores 24/7.

Encryption based on a private encryption key ensures data stored on IDrive servers cannot be decrypted by anybody other than you and your authorized personnel. Private encryption keys are never stored or escrowed on IDrive servers as is.

Access

Data access is restricted by password and private key authentication. All access to the stored data is documented and time/date stamped. Detailed reporting gives regulators a clear idea of the chain of custody of the stored information, and rapid access, should it be required.

Physical access to the vaults and the data center housing IDrive servers is strictly controlled through administrative procedures, physical safeguards, and technical security measures to prevent unauthorized physical access to IDrive servers.

Password Protection

Account passwords are never stored or transmitted to IDrive in plain text.

While IDrive BMR meets several technical safeguards for maintaining data security, full compliance with specific regulatory requirements is not guaranteed by simply implementing IDrive solutions. It is important that organizations consult with their legal counsel to ensure applicable compliance regulations are satisfied.