SSAE 16 Level 2 Compliant
In today’s global economy, service organizations and providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their clients.For 11 consecutive years Syntax has achieved annual compliance with the rigorous SAS 70 and, beginning in 2011, the SSAE 16, Level 2 audit requirements.
Statement on Standards for Attestation Engagements (SSAE) 16 is an attestation standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) that addresses engagements undertaken by a service auditor for reporting on controls at organizations that provide services to user entities, for which a service organization’s controls are likely to be relevant to a user entities internal control over financial reporting (ICFR). SSAE 16 effectively replaces Statement on Auditing Standards No. 70 SAS 70) for service auditor’s reporting periods ending on or after June 15, 2011. The SSAE 16 is an enhancement to the current standard for Reporting on Controls at a Service Organization, the SAS 70. To learn more about SSAE 16, please visit: http://ssae16.com/SSAE16_overview.html
SOC 1 AND SOC 2 COMPLIANT
Developed by the American Institute of Certified Public Accountants (AICPA), System and Organization Controls (SOC) has a suite of service offerings certified public accountants (CPAs) provide in connection with system-level controls. SOC has two important levels: SOC 1 and SOC 2. Syntax is compliant with both, providing a transparency of specific controls implemented by Syntax and the tests performed by auditors. SOC 1 focuses on internal controls over financial reporting while SOC 2 is an auditing procedure to ensures Syntax securely manages customer data and protects the interests and privacy of its customers. For more information about the AICPA and SOC, please visit www.aicpa.org/soc.
FDA COMPLIANT SUPPORT
When it comes to U.S. Food and Drug Administration (FDA) compliance, avoiding risks is a reward in and of itself. Syntax uses a risk-based approach to support Life Science FDA Compliance. Rely on us to help you evaluate overall system risk to product quality, patient safety and data integrity (GAMP5), develop a comprehensive set of functional requirements for your system, perform methodical risk analysis on defined requirements, categorize risk based on potential consequences if the function does not work properly, prepare test verifications (qualifications) that are scaled to the risk level assigned to the function tested, and collaborate with you and your vendors on compliance efforts according to established roles and responsibilities (use and administration). For more information about the FDA, please visit https://www.fda.gov/about-fda.
The Syntax Enterprise Cloud has been certified as HIPAA Compliant. If your organization is subject to the regulations set down in the U.S. Health Insurance Portability and Accountability Act (HIPAA) the Syntax Enterprise Cloud provides you with a secure environment to store, maintain and process protected health information. All of Syntax’s data centers have implemented HIPAA-compliant policies, processes and procedures to achieve technical, administrative and physical safeguards to protect Personal Health Information (PHI.). To learn more about HIPAA, please visit: https://www.hhs.gov/hipaa/index.html
In an ongoing effort to provide the most secure environment possible for its hosted clients, Syntax deploys the rigorous safeguards and controls necessary to attain Payment Card Industry Data Security Standard (“PCI DSS”) Compliance. PCI DSS is a proprietary information security standard created by the PCI Security Standards Council to increase controls around cardholder data to reduce the instances of credit card fraud.
By adhering to these strict standards, Syntax is invested in the security of our clients’ transactional and customer information and it is proud to be part of a united, global effort to reduce payment card data accessibility risk. To learn more about PCI, please visit: https://www.pcisecuritystandards.org/
SERVICE DESK INSTITUTE (SDI) CERTIFIED
Since 1988, the Service Desk Institute (SDI) has been inspiring service desks and service desk professionals worldwide. SDI has been tried and tested by thousands of companies and service desk professionals in more 150 countries. SDI’s globally accepted Service Desk Certification (SDC) program is the only benchmarking method based on industry standards for service desk best practices, designed specifically to certify service desk quality. To learn more about SDI, please visit: https://www.servicedeskinstitute.com/.
HELP DESK INSTITUTE (HDI) CERTIFIED
Founded in 1989 as the Help Desk Institute, HDI is a professional association with its overall mission to facilitate professional development and to foster organizational success through exception customer service, with a focus on help and support desk operations. HDI’s certifications are one of the best known and most respected in the industry. To learn more about HDI, visit https://www.thinkhdi.com/certification.aspx.
PRIVACY SHIELD Framework CERTIFICATION
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the “Privacy Shield Principles”) to enable U.S. companies to satisfy the EU law requirement that personal information transferred from individuals within the European Economic Area to the United States be adequately protected.Consistent with its pledge to protect personal privacy,Syntax adheres to the Privacy Shield Principles and has self-certified compliance with the U.S.-EU Privacy Shield Framework. To learn more about the Privacy Shield framework please visit: https://www.privacyshield.gov/