By John Ahearne, Forensic Analyst When data is is needed for use as evidence, it…
eWeek: Data Recovery Specialist DriveSavers Meets New SSAE 18 Security Standards
Originally published by eWeek.
By Chris Preimesberger
New standards converge the varying degrees of compliance standards that previously existed and bring all U.S. standards up to international standards of compliance.
DriveSavers, which specializes in data recovery, eDiscovery and digital forensics, said Aug. 2 that it is now in compliance with new data security requirements added to Standards Organization Controls (SOC) 1 and 2.
The American Institute of Certified Public Accountants recently enacted updated attestation standards for SOC 1 and 2. As of May 1, 2017, all service organizations who want to certify as maintaining security measures compliant with these protocols must pass Statement on Standards for Attestation Engagements (SSAE) No. 18, otherwise known as SSAE 18, rather than the previous standard, SSAE 16.
The new standards converge the varying degrees of compliance standards that previously existed and bring all U.S. standards up to international standards of compliance.
New requirements by these regulations are practices to which DriveSavers said it has been adhering for several years, including regular risk assessment and detailed reporting of the security practices of third-party services used by the company.
DriveSavers retrieves critical files from all types of data storage media, including solid state drives (SSDs), hard disk drives (HDDs), smartphones, camera cards and enterprise-level devices such as RAID, NAS and SAN. The company handles all kinds of data loss situations, including mechanical failure, physical, water and fire damage, data corruption, file deletions and more.
DriveSavers said it already meets international data security protocols, such as the Privacy Shield Framework and organizational data security protocols such as those for financial, legal, corporate and healthcare industries, including HIPAA, GLBA, FERPA, SOX and others.
Not only is security compliance essential for enterprise-level multi-drive devices such as RAID, NAS and SAN devices, but for all data storage devices. This includes smartphones, DriveSavers said.
During the last 32 years, DriveSavers has worked extensively with law enforcement agencies to provide legally defensible investigations and reports, and has experience understanding and interpreting data from all types of digital devices and operating systems.
DriveSavers claims to be the only data recovery service provider in the industry to post proof that it undergoes an annual SOC 2 Type II audit, which qualifies its security practices to handle enterprise-class recoveries and support those customers who must maintain compliance with data privacy and data security regulations including:
- NIST (National Institute of Standards & Technology) SP 800-171
- NIST (National Institute of Standards & Technology) SP 800.34 (Rev.1)
- HIPAA (Health Insurance Portability and Accountability Act)
- FERPA (Family Educational Rights and Privacy Act)
- SOX (Sarbanes-Oxley Act of 2002)
- GLBA (Gramm-Leach-Bliley Act of 1999)
All leading manufacturers authorize DriveSavers to open sealed drive mechanisms without voiding the original warranty, including Intel, Toshiba, SanDisk, Apple, Western Digital, Dell EMC, Sony, Kingston, VMWare and others.
DriveSavers customers include Bank of America, Google, Lucasfilm, NASA, Harvard University, St. Jude Children’s Research Hospital, U.S. Army and Sandia National Laboratories.