We utilize servers located in the United States as well as the European Economic Area (EEA) and Asia to collect, store, and process the data we collect, all of which are based within areas where the EU has determined adequate data protection laws are in place to protect your data.
We reserve the right to keep network logging data for a period of time adequate to ensure network security and safety for the systems we use and host customer data on in any country. Pursuant to regulatory, legal, and security requirements in Chapter 2 of the General Data Protection Regulation, this timeline is determined based on the type of data, the security implications of storing the data, the legal requirements ServerCentral must meet with the data, and the privacy of the individual referenced in the data.
AT-101 SOC 2, Type II Audit
SCTG’s annual AT-101 SOC 2, Type II audit serves as the foundation for helping customers meet their own compliance requirements, including HIPAA.
A Type II Report and Auditor’s Opinion is issued annually and contains:
- Management’s description of controls and the auditor’s opinion that the description of controls defined in the Trust Service Principles-100 fairly present the system and their operation, for a specific time period.
- Management’s description of the controls defined in the Trust Service Principles-100 as they relate to the controls objectives in the system were suitably designed during the specified time period to achieve the system’s objectives.
- Management’s description of the controls defined in the Trust Service Principles-100 as they relate to the controls objectives in the system operate according to that design during the specified time period to achieve the system’s objectives.
To request a copy of SCTG’s audit report, email firstname.lastname@example.org.
SCTG services that are in scope for PCI DSS compliance include Enterprise Cloud, Colocation, and Disaster Recovery. We are working to expand PCI DSS coverage across our Private Cloud, Hybrid Cloud, and Dedicated Server services.
SCTG’s annual AT-101 SOC 2, Type II audit serves as the foundation for helping our healthcare customers meet their HIPAA compliance requirements.
We also regularly enter into Business Associate Agreements (BAAs) to support our customers.
Still need help? Send us a note!
Questions, comments or complaints regarding SCTG’s compliance can be mailed or emailed to:
ServerCentral Turing Group Legal Department
111 W. Jackson Blvd. Ste. 1600
Chicago, IL 60604 USA