The Compliance Reports section allows authorized individuals to download company watermarked vXchnge compliance and security reports. These reports demonstrate vXchnge’s commitment to providing unparalleled physical and information security. All 14 vXchnge data centers are covered under the following industry standards:
SOC 1 Type II (SSAE 18)
The SOC 1 standard governs internal controls over financial reporting. The Type II report includes the design and testing of controls to report on the operational effectiveness of these controls over a period of time
SOC 2 Type II
The SOC 2 standard governs internal controls over operational controls such as physical and environmental security. It reports vXchnge’s controls relevant to security, availability, processing integrity, confidentiality, or privacy. A Type II report includes detail on vXchnge’s controls as well as the third-party auditor’s detailed test procedures and results.
The ISO/IEC 27001:2013 certification is the most widely-accepted certification for information security controls. Through a continuously improved risk management framework, ISO/IEC 27001:2013 ensures that the appropriate people, processes, policies, and technologies are in place to detect and defend against potential data system vulnerabilities.
The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act set national standards for the privacy and security of electronically protected healthcare information. These standards insure that vXchnge implements and adheres to all physical, network, and process security measures related to protected healthcare information.
PCI DSS 3.2
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide security standard assembled by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process credit card payments and prevent credit card fraud by creating controls around data and its exposure to risk.
Compliance Bridge Letter
In addition to the reports mentioned above, a compliance bridge letter can be downloaded, which certifies that the existing controls that were tested to ensure compliance for the reports mentioned above are still in place and working properly.