Compliance

Government regulations provide certain criteria for the electronic storage of data. Razor Technology's Data Vaulting Service facilitates our clients in satisfying compliance requirements. Our solution provides:

  • Secure, Offsite Storage of Data
  • Complete Backup / Recovery Audit Trails
  • DES 256 Encryption
  • Automated Backup Life Cycle
  • Multiple Copies of Backup Sets

How Razor Technology supports our clients for the following regulations:

Payment Card Industry (PCI)
  • Requirement: Protect stored cardholder data. - Access is allowed only through authorized personnel with the correct credentials and passwords.
  • Requirement: Encrypt transmission of cardholder data across open, public networks. - All data is encrypted with 256-bit encryption prior to transmission and while it resides in our data center.
  • Requirement: Restrict access to cardholder data by business need-to-know Client maintains full control over credentials - Razor Technology does not have access to any passwords or credentials.
  • Requirement: Track and monitor all access to network resources and cardholder data. - All access to backup data sets is date and time stamped, by user, enabling a full audit trail.
Sarbanes-Oxley Act (SOX)
  • Requirement: Information stored cannot be tampered with (altered) by any employee. - All data is encrypted with 256-bit encryption prior to transmission and while it resides in our data center. Razor Technology does not have access to any passwords or credentials.
  • Requirement: Trail of transactions must be discernable and kept in sequence - All iterations of a backed up file are incrementally.
  • Requirement: Ensure information is available only to the client's authorized personnel. - Access is allowed only through authorized personnel with the correct credentials and passwords.
  • Requirement: Records are accessible whenever needed. - Backup sets are available 7x24x365.
  • Requirement: The facility has the ability to maintain the data for the period stated in the Act. (Section 103 (a) (2) (A) (i): audit work papers and other information rating to any audit report is to be kept for a period not less than 7 years). - Data is stored in the vault for the duration of the client's policies around data retention. When a file has reached the end of its retention period, Razor Technology's Data Vaulting Service will automatically "wipe" the file and send a destruction certificate.
Health Insurance Portability and Accountability Act (HIPAA)
  • Requirement: Electronic personal health information (ePHI) must be protected against any reasonably anticipated threats or hazards. - Data is stored in a Tier 4 data center (highest level) that is SAS 70 compliant. Duplicate copies of stored data ensure recovery capabilities.
  • Requirement: Access to ePHI must be protected against any reasonably anticipated uses or disclosures that are not permitted or required by the Privacy Rule. - Data is encrypted before transmission and while "at rest" at our data center. Clients maintain full control over access credentials. There are no "back doors" to the stored information.
  • Requirement: Maintenance of record of access authorizations - All access to backup data sets is date and time stamped, by user, enabling a full audit trail.
  • Requirement: If the data is processed through a third party (Razor Technology), entities are required to enter into a chain of trust partner agreement. -Razor Technology's Data Vaulting Service Agreement states the parties agree to electronically exchange data and to protect the transmitted data. Data is encrypted inside the client's infrastructure before transmission and is stored in the encrypted state at Razor's data center.
Graham Leach Bliley Act (GLB)
  • Requirement: Encrypting sensitive customer information when it is transmitted electronically via public networks. - Data is encrypted inside the client's infrastructure before transmission and is stored in the encrypted state at Razor's data center.
  • Requirement: Ensure that storage areas are protected against destruction or damage from physical hazards, like fire or floods. - Data is stored in a Tier 4 data center (highest level) that is SAS 70 compliant. Duplicate copies of stored data ensure recovery capabilities.
  • Requirement: Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer. - Client access is allowed only through authorized personnel with the correct credentials and passwords. All access to backup data sets is date and time stamped, by user, enabling a full audit trail.
Security Exchange Commission (SEC)
  • Requirement: Verify automatically the quality and accuracy of the storage media recording process - Autonomic Healing provides an automated method to constantly monitor and repair backup files before data corruption becomes a serious issue. As Autonomic Healing checks backup files, it automatically corrects file and directory ID duplications, without the need of human intervention. When it finds a problematic file that it can't fix at Razor Technology's data center, it automatically triggers the system's software at the customer's site to re-synchronize and resend any corrupted files.
  • Requirement: Serialize the original, and, if applicable, duplicate units of the storage media, and time-date for the required period of retention the information placed on such electronic storage media. - All iterations of a backed up file are incremental. When data is restored to the client system, the original remains in the vault in the same exact state as the initial backup until it reaches the prescribed end-of-life when it will be "wiped" and a destruction certificate will be issued.
  • Requirement: Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable. - Data is available for online restores 7x24x365. All backups are stored with the catalogs (indexes) and accessible to authorized users at all times.
  • Requirement: Store separately from the original a duplicate copy of the record stored on any medium acceptable for the time required. - Razor Technology Data Vaulting Service provides two duplicate copies of the original data: one copy of the backup sets are maintained locally at the customer's site in an uncompressed and unencrypted state and a second copy, that is compressed and encrypted, is stored in our data center. We also make a backup copy of all data that is stored in our data center to ensure our client's data is available for restoration.