Compliance & Security at AxiaTP
The AxiaTP Difference is found in our NCS (Network, Compliance, Security) and PSP (Post Sale Process) standards, in addition to our relentless commitment to quality service and value. Our professional staff has decades of implementation and process/workflow experience, and our PSP is detailed, organized and tracked via interactive project management software. With complex regulations and standards, AxiaTP guarantees security and is a name you can trust.
The Federal Information Security Management Act (FISMA) requires each federal agency to develop, document and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor or other source.
SOC 1® and SOC 2® COMPLIANT
AICPA’s System and Organization Controls (SOC) for Service Organizations reports are designed to help service organizations that provide services to other entities build trust and confidence in the service performed and in the controls related to those services, through a report by an independent CPA. Each type of SOC for Service Organizations report is designed to help service organizations meet specific user needs.
AxiaTP is compliant with SOC 1, Type 2 reporting. A SOC 1 report covers controls at a service organization relevant to user entities’ internal control over financial reporting. A Type 2 SOC 1 report covers the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
AxiaTP is also compliant with SOC 2, Type 2 reporting. A SOC 2 report covers controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy. A Type 2 SOC 2 report covers management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.
PCI DATA SECURITY STANDARD COMPLIANT
The PCI Data Security Standard (PCI DSS) provides an actionable framework for developing a robust payment card data security process, including prevention, detection and appropriate reaction to security incidents. The standards set the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.
The Communications Assistance for Law Enforcement Act (CALEA) was enacted by Congress in 1994 to require telecommunications carriers to provide law enforcement with certain technical capabilities when they conduct lawful electronic surveillance on telecommunications networks. The Federal Communications Commission issued an order in 2005 extending the coverage of CALEA to two-way interconnected VoIP and broadband Internet access.
The goal of CALEA is to preserve the ability of law enforcement to conduct lawful investigations despite evolutions in network technology. This goal is meant to be achieved while protecting telecommunications subscriber privacy and the ability of telecommunications carriers to launch new services and technologies.
The Sarbanes-Oxley (SOX) Act requires all financial reports to include an internal control report. This is designed to show that not only are the company’s financial data accurate, but the company has confidence in them because adequate controls are in place to safeguard financial data. Year-end financial reports must contain an assessment of the effectiveness of the internal controls.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides data privacy and security provisions for safeguarding medical information. It has two main purposes: to provide continuous health insurance coverage for workers who lose or change their jobs, and to reduce the administrative burdens and cost of health care by standardizing the electronic transmission of administrative and financial transactions. Other goals include combating abuse, fraud and waste in health insurance and healthcare delivery and improving access to long-term care services and health insurance.