Compliance for SaaS and On-Demand Applications

Meeting Industry Standards PCI, SAS 70, HIPAA, SOX, AppExchange...

Leverage OpSource's compliant status and expertise to ease your audit process and headaches. We understand how meeting industry regulations can be time consuming, stressful and costly. Thus by ensuring OpSource is compliant with many industry requirements, we effectively reduce your audit headaches and accelerate your time-to-market.

Level 1 PCI DSS

By being Level 1 PCI DSS (Payment Card Industry Data Security Standard) certified, OpSource offers to customers a valuable tool for streamlining the audit of their on-demand business. The PCI standard was developed in 2006 by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security issues. A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or risk losing the ability to process credit card payments.

By running your application inside our Level 1 PCI compliant environment, you accelerate time-to-market and minimize audit costs. In fact, you have full responsibility for only two of the 12 PCI requirement areas. Our PCI-certified environment is audited yearly by Trustwave and meets all of the requirements associated with Service Provider Level 1 certification. OpSource can support any online application, regardless of the volume of credit card information stored, processed, or transmitted. This level of compliance validation is required of any service provider supporting customers storing, processing, or transmitting an aggregate of greater than one million transactions or accounts per year. As a Level 1 service provider, OpSource demonstrated its compliance by successfully undergoing a stringent, annual, on-site PCI data security review covering over 250 compliance points.

Although the PCI standard was developed specifically for credit and debit card holder data, the PCI DSS requirements map closely to the security needs associated with any sensitive information. Customers with applications subject to other regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX) can take advantage of our PCI-certified environment to easily meet other security and privacy compliance.

Safe Harbor

OpSource is certified under the U.S Commerce Department's Safe Harbor program, which signifies that OpSource employs policies and procedures that meet the privacy standards of the European Commission's Directive on Data Protection. The European Union's directive prohibits the transfer of personal data to non-European Union nations that do not meet the European "adequacy" standard for privacy protection. By being Safe Harbor certified, OpSource's customers can be assured that their personal information is protected.

SAS 70 Type II

By being SAS 70 Type II compliant, OpSource provides a valuable tool for streamlining the audit of your on-demand business. SAS 70 is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to evaluate the internal controls of a service provider. The Type I audit evaluates the service provider's documented internal procedures and processes to ensure that they are sufficient to achieve the service provider's control objectives. The Type II audit conducts a series of tests to ensure that the service provider is actually following those documented procedures and processes.

SAS 70 is designed to allow customers' auditors to "plug in" to the audits already performed on OpSource as part of the SAS 70 process. OpSource customers with auditing needs related to Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, or other legal or professional requirements can leverage the detailed OpSource SAS 70 audit report to provide their auditors an in-depth understanding of OpSource's processes and controls. This helps OpSource customers to ensure compliance with their own internal controls and regulatory requirements. Read the OpSource SAS 70 Type II Audit Report Summary.

HIPAA, SOX, and Other Regulations

Companies with applications subject to other regulatory requirements such as HIPAA, SOX, or Gramm-Leach-Bliley can take advantage of OpSource's PCI-certified environment to easily meet these compliance demands. Although the PCI standard was developed specifically for credit and debit card holder data, their requirements map closely to the security needs addressed in HIPAA, SOX and other security and privacy regulations. Customers of OpSource On-Demand can also leverage the detailed OpSource SAS 70 audit report to provide their auditors an in-depth understanding of OpSource's processes and controls. This helps OpSource customers to ensure compliance with their own internal controls and regulatory requirements.

Salesforce.com AppExchange

Since 2005, OpSource has been a trusted and certified application delivery partner of salesforce.com and the AppExchange. Because Salesforce has already done an in-depth evaluation of the OpSource On-Demand environment, OpSource customers looking to make their application available on AppExchange go through a shorter, reduced scope audit of their own application. This expedited review process will speed your time-to-market by 33 percent. As a result, some of the largest AppExchange participants including Business Objects as well as some of the more nascent entries, such as ClearMeeting, and Ribbit, have selected OpSource as their web application delivery expert. Read the OpSource SFDC AppExchange datasheet.

More information is available in our OpSource Compliance datasheet.

HOME | CUSTOMER LOGIN | PRODUCTS & SERVICES | SOLUTIONS | SUPPORT | PARTNERS | NEWS & EVENTS | COMPANY | RESOURCES | LEGAL | PRIVACY | SITEMAP | ADMIN