SSAE 18 SOC 2 Type 2 Certification for Giva's Cloud Help Desk Software

SSAE 18, also called Statement on Standards for Attestation Engagements 18, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for defining how data centers report on compliance controls.

SSAE 18

  • Technology: Enterprise and service provider class technology from Dell, Cisco, F5, VMware, EMC, NetApp, Tripwire, Trustwave, Microsoft and Red Hat.
  • People: Skilled HIPAA-certified engineers available 24/7/365.
  • Process: All processes are validated against a rigorous set of controls by an independent team of CPA auditors. The annual SSAE 18 SOC 2 Type 2 compliance report is issued and shared with all Giva customers upon request.

SOC 2 Framework

The SOC 2 framework is a comprehensive set of criteria known as the Trust Services Principles that are composed of the following five sections:
  • Security of a service organisation's system.
  • Availability of a service organisation's system.
  • Processing integrity of a service organisation's system.
  • Confidentiality of the information that the service organisation's system processes or maintains for user entities.
  • Privacy of personal information that the service organisation collects, uses, retains, discloses, and disposes of for user entities.
It is important to be aware of the differences between a Type 1 and Type 2 SSAE 18 report.
The Type 1 SSAE certification performed for many data centres uses the following criteria:
  1. The description of the service organisation's system was designed and implemented as of only a single specified report date which is typically 12/31/xx.
  2. The control objectives stated in the description were suitably designed to achieve compliance as of only a single specified report date which is typically 12/31/xx.
In other words, a Type 1 report is just a snapshot in time at a particular date which is typically 12/31/xx.
In sharp contrast, the Type 2 SSAE certification performed for Giva's data centres uses the following criteria, which are more rigorous, more difficult to pass and a higher overall standard:
  1. The description of the service organisation's system was designed and implemented over the period of examination which is typically a one year period such as 1/1/xx – 12/31/xx.
  2. The control objectives stated in the description were suitably designed to achieve compliance over the period of examination which is typically a one year period such as 1/1/xx – 12/31/xx.

Datacentre Specifications

  • Power
    • Direct connection to power grid at 13.2 kV
    • 2N electrical design
    • Dual Redundant UPS / Battery Strings
    • Automatic Transfer Switch
    • 750 kW back-up generator
    • 2300 Gallons of fuel onsite
    • Enough capacity for up to 7 days
  • Cooling
    • n+1 Design
    • Redundant CRAC Cooling
    • Temperature of 70 degrees F / 50% humidity
    • Hot Aisle/Cold Aisle Design
    • Redundant Glycol Pumps
  • Fire
    • Dry-piped pre-action fire protection system
    • FM200 Gas Fire Suppression System
  • Connectivity
    • 3 Tier 1 Network Carriers
    • 30 Gbps Bandwidth
    • 4 Fiber Paths
    • 2N Network Design

Learn More About Giva HIPAA Compliance

  • Data Encryption
  • Onsite & Offsite Encrypted Backups
  • Physical, Logical & Network Access Controls
  • Vulnerability Management & Logging
  • Defined & Tested Security Policies & Procedures
  • SSAE 18 SOC II Type 2 Certification

Client Success

MetroHealth System
  • 50% reduction in time to deploy Giva's change, incident, problem, asset management and knowledgebase modules
  • 60% reduction in the 5 year Total Cost of Ownership (TCO)
  • Saved at least 1 FTE due to lower ongoing administration
  • Saved 1 week per month due to easy-to-use reports
Athens Regional Health System
  • Increased to 90% achievement in meeting service level agreements
  • 70% reduction in generating reports and admin; eliminated 35 hours/month
  • 50% faster to create/assign a service request
  • 60% increase in information captured during the initial phone call
  • 50% increase in the number of service requests created due to intuitive design
Santé Health Systems
  • 80% increase in productivity by using Giva's dashboards and reports
  • 60% increase in meeting service level agreements
  • 50% increase in productivity by using Giva's integrated custom forms
  • 45% increase in the number of calls logged due to Giva's intuitiveness and ease of use