On any given day, insurance companies are dealing with large volumes of sensitive data, including clients' personal and financial information. As such, it is essential that clients' data is safeguarded and housed within a secure environment.
That data is growing exponentially as the use of smartphones, tablet computers and other mobile devices are contributing to the increasing amount of data that a company gathers and stores. Add to this the fact that insurance organizations are faced with the growing issue of maintaining compliance with the changing statutory and federal regulations that are part of their business - whether it be the 2011 changes to the Bank Act that outline how banks are able to go to market with their insurance offerings, changes to the Insurance Companies Act that impact the reporting and reissuing of insurance so as to remain compliant, or switching of financial reporting from Canadian Generally Accepted Accounting Principles to the International Financial Reporting Standards that impact how Canadian corporations value and report assets and liabilities on their balance sheets.
When it comes to ensuring the security and availability of your companies' data, choosing a data centre provider that offers colocation services can often be your best option. Colocation offers the features and benefits of a large IT department without the cost, while also ensuring industry best practices and certifications, which provide peace of mind that data is safe, secure and available when it is needed.
However, there can be a divide between what a data centre provider says it does with regard to security, uptime and compliance, and what it actually does. When selecting a data centre provider, one thing is clear: proof beats promises.
Opting for a data centre partner that has validated, third-party certifications to back up its claims will help to minimize risk while maximizing availability and peace of mind.
Third-party certifications such as the Statement on Standards for Attestation Engagements (SSAE) or Health Insurance Portability and Accountability Act I (HIPAA) compliance mean there is assurance companies' data is going to be protected and available when needed. These certifications are especially important for organizations facing rigorous financial, operational and compliance obligations - when compliance is not optional, but a must.
Certifications benefit data centre customers in a number of ways. Partnering with a certified data centre often makes it easier and more feasible for an organization to obtain its own certifications. In some instances, partnering with a data centre that has gone through arduous certification and external audit processes saves the user the monumental task and financial burden that is required to carry out an audit or certification process on its own.
In addition, it also means the data centre is shouldering the risk and responsibility of compliance. Once a centre has received certification, it is on the hook to maintain and keep those designations current and up-to-date.
All data centre policies and procedures need to be documented so that they are understood and followed. Inconsistencies in the performance of data centre management and operations can lead to outages. The implementations of certifications help to mitigate that risk. While certifications can be home-grown to meet Canadian or North American regulations, it is the global certifications that have become important, especially in today's borderless business environment.
Meeting global certifications allows a company to expand its business, working with partners and customers in other parts of the world. Canadian data centres can have any number of both local and global certifications, so what should be top of mind when selecting a data centre partner? Here are four certifications that every insurance provider should look for in a data centre partner and what benefit they bring:
SSAE and International Standards for Assurance Engagements
SSAE No. 16 was created by the Auditing Standards Board of the American Institute of Certified Public Accountants.
This is an auditing statement that defines professional standards used by a service auditor to assess the internal controls of businesses that are providing a service - such as a data centre providing hosting services. As a result, partnering with a data centre that has achieved SSAE certification offers confidence that the company is maintaining effective and efficient internal controls related to financial, information or security reporting.
Similarly, ISAE 3402 - the International Standards for Assurance Engagements 3402 - is a global assurance standard for reporting on controls at service organizations.
Compliance with these internationally recognized audits is important to any organization that faces rigorous financial, operational and compliance obligations.
Founded in 1993, Uptime Institute is an unbiased, third-party data centre research, education and consulting organization. Based in the United States, this global organization awards tiered certifications to data centres, certifying the guarantees they make for uptime and availability.
Uptime Institute's tiered classification system is an international industry standard that is recognized and accepted here in Canada. The classifications identify data centre infrastructure design and address common benchmarking standard needs for operation.
Why is this important? Given the nature of the insurance business, companies need to have access to client data 24 hours a day, seven days a week, 365 days a year. Partnering with an Uptime-certified data centre provider means that data is going to be available how and whenever it is required.
Some data centres that have not been certified still try to hang on the coattails of these certifications by assigning their own tiers to their facilities. Be wary of any data centre providers that claim an uptime guarantee without certification from an unbiased, third party such as Uptime Institute.
The U.S.'s Health Insurance Portability and Accountability Act, also known as HIPAA, was developed with the purpose to protect personal medical information. This is a critical certification for any company within the medical industry - doctor's offices, hospitals, diagnostic imaging providers and, of course, the insurance companies that are dealing with these health care providers day in, day out.
Protecting medical information is serious business and non-compliance with HIPAA regulations can mean hefty fines for companies. As such it can be much more cost-effective for organizations to partner with an HIPAA-certified hosting provider. Not only does this save a company money, it ensures that clients' sensitive medical data is protected.
Leadership in Energy and Environmental Design
It is no secret that as the world's data proliferates, so grows the environmental impact of our data centres. Today, it is crucial that companies partner with a data centre provider that is taking steps to minimize its environmental footprint.
Leadership in Energy and Environmental Design, better known as LEED, is an internationally recognized green building certification system. Data centres that are LEED-certified have taken significant steps to lower electricity and water usage, waste and carbon emissions, while promoting environmental sustainability. LEED provides a concise framework for identifying and implementing practical and measurable green building design, constructions, operations and maintenance solutions. As companies around the world strive to be more environmentally friendly, it is important to partner with other companies that take going green as seriously as your company does.
However, a green data centre does not just benefit the hosting company housing data. Energy savings often translate into cost savings, which may be passed on to customers. LEED-certified data centres are not simply good for the environment; they are good for a company's bottom line.
At the end of the day, third-party verification and certification should not be underestimated. Without it, it is the buyer's responsibility to validate the design, operational process and, ultimately, the risk of outage at the site.
A data centre's certifications can offer peace of mind and save money - providing a greater independent assurance and objectivity that the controls, process and procedures the centre has in place adhere to third-party accreditation requirements and that hosting facilities are compliant with industry best practices. Companies need to invest in trusted and proven data centre partners that take a company's data as seriously as the company does.
Beyond that, it is cost-efficient for insurance organizations to purchase hosting services from a data centre that focuses on achieving and maintaining certifications. The results are not only peace of mind, but reduced risk and cost savings thanks to forgoing the expensive audits required for an independent company to become certified.