Our Partners close more business.

Use these powerful resources to win more business, faster, with less effort.  
Call 877-411-2220 x121 for personal support with any opportunity.


How To Use This Tool:

To find answers to common RFP and RFI questions, select a tag, or search for terms like "security", "performance", etc. You will find common questions and answers grouped together in one record. Follow the tag links to refine your search. Supporting downloads and documentation are available below.

Please log in to obtain download access to additional supporting documentation. Registered users can also contribute to the database. You can request access by Contacting Us.

© Omegabit LLC, 2023

Content tagged compliance.

Information Security - SOC 2, HIPAA, FERPA, FEDRAMP, PCI

Q:

Do you have documented physical security policy and procedures?

SSAE 16 / ISAE 3402 SOC 2 Type II audit or equivalent performed by a trusted source

Do you process, store or transmit FRS sensitive PII or PHI? If yes, are there documented Privacy Management Program policy and procedures?

Do you employ independent assessors or assessment team to conduct assessment of the security controls in information systems and services?

How often is this compliance audited? Please provide date and results from most recent audit.


A:

ref: SOC 2 Type II Facilities Compliance Report for Omegabit colocation facilities managed by Digital West and alternate providers (available on request).

All Omegabit facilities are audited by third-party compliance services for SOC 2 compliance and are maintained to PCI compliance standards by default. Omegabit hosted infrastructure is also frequently vetted and audited on a per-customer basis where specific compliance, e.g. PCI, FERPA, FEDRAMP, HIPAA, is required. These certifications must occur against the customer implementation and are typically performed in cooperation with the application sponsor and Client.

This technically falls under the control of our Client tenants with these requirements and their specific custom application design and implementation. However, we play a participating role in ensuring that issues relating to SOC 2/facilities compliance, data storage and transfer, and managed operations and procedures are handled in a manner commensurate with Client requirements. Actual secure data transmissions are accomplished via BOVPN, IPS, SSH, HTTPS, LDAPS, or similarly secure means at the discretion of the customer and their custom application design. All popular means are supported and can be enabled and secured on request. Data storage encryption is also available on request.

This is performed on a per-Client, case-by-case basis as required by the Client, in cooperation with the auditing service or agency of their choosing. Omegabit is able to self-certify and/or work with Client-designated teams. Omegabit has established PCI, HIPAA, FERPA, and similar compliance with customers across various verticals and custom application designs. These assessments must be done on a per-Client basis and be specific to the custom software implementation to be relevant. Compliance certifications, with the exception of Omegabit's SOC 2 facilities compliance, are by definition not transferable across Client tenants.

The SOC 2 compliance audit is performed every 18-24 months.




Hosting Compliance - Omegabit

Q:

Is the proposed solution PCI and HIPAA compliant?

Is the hosting facility SAS 70 II compliant?

How often is this compliance audited? Please provide date and results from most recent audit.


A:

Omegabit facilities are SOC 2 audited and compliant (see attached certification statement). This addresses the standards and controls that are needed for, and typical of, a HIPAA, FERPA, or PCI-I compliant implementation. Our NOC has also been PCI-I certified for other tenants that have elected for an independent audit. However, promising compliance with HIPAA, FERPA, or PCI typically requires that an independent audit be applied throughout the logical application layer, including your specific Liferay implementation. Our standard compliance is usually sufficient for these applications, but assumes that the application owner/sponsor (you) is taking responsibility for the compliance that must occur at the OS and application layers, which are under your control. Omegabit hosts a number of healthcare-related sites that are customer self-certified as HIPAA compliant based on this rationale and their own security practices. (Caution: any provider that tells you that you get HIPAA compliance out-of-the-box is skirting the issue.)

Omegabit does and will advise on these best practices, and is happy to participate in and support an ongoing standards audit for any of these levels of compliance by a third-party entity.

Costs for actual HIPAA/FERPA or PCI-I type certification specific to a given Customer implementation typically run $40K-$65K/year to perform an annual audit and maintain the standards, compliance procedures, and documentation required to satisfy future audits.

Omegabit facilities are SOC 2 compliant; in industry this is considered the modern and more scrupulous replacement for SAS 70 compliance. The SOC 2 compliance audit is performed every 18-24 months.


