Nasuni Completes SOC 2 Type 1, CSA STAR Level 2, and HIPAA Audits for 2022

Nasuni Corporation announced the completion of its SOC 2 Type 1, CSA STAR Level 2, and HIPAA audits for 2022, providing enterprise customers with strong 3rd-party validation of its security and compliance systems as it enables their digital transformation and use of the cloud.

The company also had its ISO/IEC 27001:2013 certified provider status renewed for the current year. Unstructured file data contains the most sensitive enterprise intellectual property, and legacy storage and data protection technologies fail to provide adequate protection for this data. Cloud file services leverage the durability of the public cloud to deliver protection.

Established by the American Institute of Certified Public Accountants (AICPA), the SOC 2 Type 1 examination is designed for organizations of any size, regardless of industry and scope, to ensure the personal assets of their potential and existing customers are protected. Its reports are recognized globally and affirm that a company’s infrastructure, software, people, data, policies, procedures, and operations have been formally reviewed. Nasuni plans to undergo another audit later this year to achieve SOC 2 Type 2, which assesses how effective these controls are over time by observing operations for a specified period.

“A SOC 2 audit is a statement about an organization’s commitment to protecting their information,” said Stephanie Oyler-Rankin, SOC practice lead, A-LIGN. “As a trusted 3rd-party assessment firm, A-LIGN independently evaluates client data processes and procedures, governance on internal controls, and security posture. Nasuni’s SOC 2 report validates its commitment to data security and protection, as well as compliance with critical standards to mitigate cybersecurity threats.“

The HIPAA (Health Insurance Portability and Accountability Act of 1996) audit illustrates that Nasuni meets the standards of the Privacy, Security, and Breach Notification Rules of HIPAA. HIPAA is a U.S. Federal law put in place to protect healthcare information as required for healthcare organizations. While the company is not in the healthcare industry, this is important for customers who are, especially for those for whom Nasuni may be considered a HIPAA Business Associate.

CSA STAR (Cloud Security Alliance – Security, Trust, Assurance, and Risk) Level 2 demonstrates the company’s commitment to achieve cloud security competency, and a commitment to the industry at large. It’s based on attaining ISO 27001 certification and meeting additional criteria specified in the Cloud Controls Matrix (CCM) Version 4. The firm proved that it conforms to the requirements of ISO 27001, has addressed issues critical to cloud security as outlined in the CCM, and has been assessed against the STAR Capability Maturity Model for the management of activities in CCM control areas.

The audits were conducted late last year by compliance assessor A-LIGN, a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to help mitigate cybersecurity risks.

“Ensuring that the most effective and comprehensive security measures are in place for both Nasuni and its customers is our top priority,” said John Bilotti, CIO/CISO, Nasuni. “These successful audits demonstrate Nasuni’s commitment to providing its customers with the highest security standards, at all stages, as they leverage the cloud to gain advanced access, collaborate, scale, and improve economics over legacy solutions.“

Compliance with internationally recognized standards like SOC 2 confirms that the company’s security program follows industry best practices in the most comprehensive manner possible. This is a clear illustration that the firm’s commitment to data security has been formed, implemented, and controlled in all areas as the standard requires.

Resources:
Blog: Nasuni Achieves Third-Party Security & Compliance Standards    
Nasuni’s Trust Center