ORock Technologies Receives PCI DSS, HIPAA, HITECH Certifications (CDSA)

ORock Technologies announced that it achieved Payment Card Industry Data Security Standard (PCI DSS) certification for its ORockCloud hosting environment and underlying network infrastructure.

ORock also completed its annual assessment and renewal to maintain compliance with two important standards governing the protection of health care information systems, consisting of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

ORockCloud is fully compliant with PCI DSS, HIPAA, and HITECH standards, a critical set of security requirements for commercial enterprises and government agencies that process health and financial data. Assessments were performed by Schellman & Company, LLC, a qualified security assessor.

The PCI DSS security standard ensures companies that accept, process, store, or transmit credit card information maintain a secure environment. It applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. PCI compliance is critical in today’s environment of data breaches and growing security concerns for retailers and processors.

Similarly, HIPAA/HITECH certification asserts that the information security program conforms to the applicable implementation specifications within the HIPAA Security Standards for the Protection of Electronic Protected Health Information (ePHI), and the Notification in the Case of Breach of Unsecured Protected Health Information. These standards support the protection of personal medical information in conjunction with personally identifiable information (PII).

In addition, ORockCloud also is authorized by the Federal Risk and Authorization Management Program (FedRAMP) at the Moderate Impact Level, with a provisional authorization from the Department of Defense (DoD) at Impact Level 2. These standards enable civilian government agencies, DoD, and commercial organizations to utilize ORockCloud for IaaS, PaaS, and hybrid cloud services. Earlier this month, ORock announced the launch of ORock HighCloud, a new Government-Only Community Cloud that is “FedRAMP Ready” at the High Impact Level to process and store the most sensitive unclassified government workloads in the cloud.

“ORock continues to prove and validate the security posture of our cloud by meeting these critical compliance standards,” said Michael Ngo, Chief Security Officer of ORock Technologies. “Our focus on security enables our customers in highly regulated industries and the public sector to pursue their IT modernization and cloud migration strategies while protecting mission-critical data and lowering risk.”