Regulatory Compliance

The CS SecureCloud™ Solution

Moving your business onto the "Cloud" provides significant competitive advantages, delivers true virtual business model flexibility, reduces operating costs, and increases workflow productivity. However, if you are a business professional who works within a regulated industry, or if your clients work across the boundaries of one or more regulated industries, then, whether or not you have moved your business onto the "Cloud", you must make sure that your business practices meet the specifications of your industry's regulatory compliance requirements. It is very likely that your private electronic communications and exchanges of business data (especially client identity and financial information) are now subject to a vast and rapidly growing array of complex regulatory compliance rules, and your clients' data may also be subject to overlapping regulatory jurisdictions. For many professionals who work with their clients' financial data, the rules and regulations of the new Dodd-Frank Wall Street Reform and Consumer Protection Act are now coming into effect and the new Consumer Financial Protection Bureau (CFPB) is in the process of creating a much more comprehensive and widespread compliance regime.

Many commonly used forms of electronic communications (such as emails, document attachments, or sending faxes) are not secure forms of communication. You should be aware that both civil and criminal penalties may apply to your business if you are negligent in your communications and data storage practices, and you may be exposing your clients' private data in violation of compliance regulations applicable to you when you handle their personal and financial data. To many business professionals the use of "Cloud" technology is new and migrating your business to the "Cloud" will be a big technology leap forward. Not all "Cloud" technology, however, is secure. Moreover, the use of "Cloud" technology by itself will not satisfy the applicable industry compliance regulators. In fact the opposite is more likely the case. Many "Cloud" technologies are built upon "Open–Public" Internet architectures that are designed and intended for open-public uses (such as search, advertising, or social networking) and as such they are poorly suited to securely manage private communications and sensitive data (esp. financial, legal or medical/insurance data).

So how does a business professional keep ahead of this wide array of compliance regulations in this rapidly changing technology environment? The simple and easy solution for CS Partners is to deliver your business model via a CS SecureCloud™ Platform, which will provide you with a cost-effective and secure advantage in meeting your industry's compliance requirements.

The CS SecureCloud™ Platform includes:

CS SecureCloud™ Data Center and Infrastructure

The CS SecureCloud™ Platform runs exclusively in the Otava data center (Westland MI). This data center delivers an unparalleled level of reliable services, designed and developed with a rock-solid infrastructure and with performance and reliability in mind. It includes redundant network connectivity as well as monitoring and security measures that ensure reliability and performance.

The data center has been designed to avoid any single point of failure. All carriers are connected via multiple fiber optic rings, which enter the data center at diverse entry points and provide total communications redundancy. Multiple core routers, firewalls and switches have redundant components and network interfaces. Equipment with redundant power supplies is fed by separate circuits, which are connected to separate PDUs, which are fed by separate UPSes, which in turn are fed from separate transformers. In the unlikely event of complete power loss to the building, all equipment would instantaneously fail over to a UPS system until backup diesel generators begin providing power indefinitely. Otava's redundant HVAC system is also supported by the backup power system, ensuring that the data center temperature and climate are always appropriately maintained, even in the event of a power failure.

Security and Monitoring

The data center is monitored 24 hours a day, and is cardkey controlled to allow access only to authorized personnel. After regular business hours, access to the building where the data center resides is also restricted to authorized personnel. All entries/exits are logged by their internal security department, and the data center security staff regularly patrol the data center during non-business hours.

Network and system security is provided using a combination of multiple firewalls, access control lists, network-based intrusion detection software, encryption, port wrapping and the disabling of unused network services. Otava performs periodic, unscheduled security audits using third-party security firms to identify any potential problems before they can affect our network. Otava's staff regularly attends security training and security conferences to stay ahead of the latest vulnerabilities. Equipment and network connectivity are monitored 24 hours a day by Otava's security department using various monitoring software. In the event of a failure in hardware or connectivity, resolution of the issue will begin within minutes.

SSAE-16 Audited Data Center

The CS SecureCloud™ Platform will save you time and money by not requiring you to reinvent the wheel — many of the controls required for compliance are already in place and verified by third-party auditors. The SSAE-16 Report demonstrates, based on an independent auditor's review, that the controls and safeguards regarding the operation of the Otava data center are relevant, suitably designed, in place and meeting the design objectives of the controls. Otava has both HIPAA and PCI (Payment Card Industry) Certification. The data center hosts numerous HIPAA and PCI compliant environments and Otava works to make sure that their procedures and controls meet the HIPAA and PCI 1.2 Data Security Standard requirements.

Compliance Audits

The CS SecureCloud™ Platform will also save you time and money by enabling you to take advantage of our experience and the knowledge of our staff regarding audit and compliance requirements. Using the experience gained in previous audits, CS and Otava have designed a network and server infrastructure to help you comply with the various regulatory requirements. We can work with you individually to design and implement your business model on the CS SecureCloud™ Platform, hosted within the Otava infrastructure, that satisfies your specific requirements. Each customer's situation and requirements are different. CS and Otava will work with your internal IT staff or your 3rd party auditors to address your compliance issues. Although we are not auditors, we can assist you, as we have many of our other customers, in preparing for and responding to questions and issues that may come up during an audit. Since no two customer environments or audits are exactly alike, we will work with you to determine a scope of work and the associated costs on a case-by-case basis.

Contact us to learn more about what a CollaborationStudios network can do for your business.