Carpathia has supported hundreds of customers in achieving compliance with both industry and regulatory standards. The foundation for this capability is our own security policy. Based on a superset of NIST 800-53, ISO 27001 and best practices from PCI, HIPAA and SOX, this policy has been used to help over 30 government agencies complete the certification and accreditation process (known as C&A) to achieve an authority to operate (ATO) for FISMA and DIACAP compliance models.
Our federally compliant application platform (FCAP) puts this policy into action with a blueprint for true compliant hosting, covering facilities, operations, personnel and infrastructure. Carpathia guarantees compliance for customers adopting FCAP as their basis for government infrastructure hosting. This guarantee is unique in our industry.
Carpathia has obtained:
SAS 70 Type II - Statement on Auditing Standards No. 70 - Set up by the American Institute of Certified Public Accountants in 1993, SAS 70 spells out how an external auditor should assess the internal controls of an outsourcing service provider and issue an attestation report to outside parties or to a client.
Safe Harbor - The Safe Harbor, approved by the EU in July of 2000, is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws.