Compliance Across Industries

Compliance

We comply with a full range of industry-leading standards

Whether you’re a cutting-edge hospital in search of a data center with full HIPAA compliance, or you’re a school network that’s looking for a CIPA-compliant firewall to filter online content for K-12 students, we comply with the exacting standards for a wide array of different industries and verticals. And we’ll always make sure we’re fully compliant with your most stringent needs.

FirstLight complies with a full range of industry-leading standards.

Cloud and Data Center Compliance

Cloud and data center compliance

Many customers must meet certain requirements for data security and protection. The following compliances allow us to provide a home for your data, in our cloud or within our data centers – CJIS, ITAR, PCI, and HIPAA. We are also SOC 2, Type II certified and undergo an annual audit of our data center facilities and controls to ensure that we meet the highest standards of excellence.

SOCaaS Compliance

SOCaaS compliance

Whether your organization needs to be PCI, HIPAA, ITAR or CJIS compliant, we’ve designed our SOCaaS platform with these compliances in mind. Whether you’re in financial services, healthcare, or some other field, we have a robust set of policies, procedures, and controls all designed to help you meet or exceed your desired compliance, security, and privacy standards – including 24×7 time of event monitoring and reporting.

Data Encryption/Encrypted Wavelength Compliance

Data Encryption and Encrypted Wavelength compliance

Data encryption is used extensively in information technology and data communications across all industries. In fact, in the United States, data encryption is required in order to meet regulatory requirements applicable in an enormous number of industries. Whatever your industry or type of organization, rest assured that when you do business with FirstLight, you’re doing business with a company who can help you meet the most exacting encryption standards.

Examples of how Encrypted Wavelength ensures full compliance for in-flight data encryption:

PCI DSS – Payment Card Industry Data Security Standard, a standard that all organizations handling debit, credit, prepaid, ATM and POS cards must comply with. PCI Security Standards Council

HIPAA – Health Insurance Portability & Accountability Act, a standard that all healthcare providers, health insurance plans, and employers must comply with to protect patient privacy. U.S. Dept. of Health & Human Services

Personal Data Privacy and Security Act of 2005, a standard that all US business entities engaging in interstate commerce where personally identifiable information on 10,000 or more individuals is used are required to comply with in order to “protect personally identifiable information during use, transmission, storage and disposal by encryption or other reasonable means”. Personal Data Privacy and Security Act of 2005

Mandates for Type 1 and 3 encryption, which are specific to the U.S. Department of Defense. NSA Cryptography Types

FINRA – U.S. Security and Exchange Commission, a ruling that enforces cybersecurity requirements for dealers/brokers by using disciplinary action for failing to protect networks and nonpublic customer information with appropriate technology (including encryption, antivirus software and firewalls). Finra.gov

Sarbanes-Oxley (SOX), While Sarbanes-Oxley does not specifically call for the use of encryption as a control to protect financial data, its use is considered an industry best practice, and recommends “adoption of data encryption, both in transit and at rest”. Sarbanes–Oxley Act

Gramm-Leach-Bliley Act (GLBA) Section 501 of the GLBA, “Protection of Nonpublic Personal Information,” a standard that requires all financial institutions to “employ encryption to mitigate the risk of disclosure or alteration of sensitive information in storage and transit”. FDIC.com

Content Filtering Compliance

CIPA compliance for K-12 schools

Our FilteredNet solution is designed to help schools (K-12) easily maintain CIPA compliance. The message here is similar to any managed service. We do it for you so you don’t have to, and it’s a crucial service that every school must have in place.

FirstLight's FilteredNet solution is designed to help schools (K-12) easily maintain CIPA compliance.

Contact Us

Whatever your compliance standards, we make it a point of pride to always meet them. If there’s a particular compliance standard that you’re looking to ensure we meet, chances are we already do or can be part of an overall solution that helps you get there. Contact our team today and we’ll provide you with all the requisite information.

Start a conversation with one of our connectivity specialists Connect with Us Today