Corporate security policies and procedures are important, but 3rd party audited certifications make all the difference.
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or examination is widely recognized, because it represents that a service organization has been through an in-depth audit of their control activities, which generally include controls over information technology and related processes. In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.
Leads360, in conjunction with our partner Data Return, has successfully achieved a SAS-70 Type II certification with an unqualified opinion. This certification represents that Leads360 has had its control objectives and control activities examined by an independent accounting and auditing firm and has demonstrated there are adequate controls and safeguards in place over information technology and related processes used to host and process data belonging to customers. This Type II certification not only includes Leads360’s description of controls, but also includes detailed testing of the organization's controls over a specified period of time.
Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, together with an implementing Safeguards Rule issued by the Federal Trade Commission (FTC), regulate the security and confidentiality of non-public customer personal information collected or maintained by or on behalf of financial institutions or their affiliates. To the extent that Leads360 is classified as a Service Provider under GLBA, by virtue of providing lead management services to financial institutions, Leads360 has established this Information Security Program (Program) to assure compliance with GLBA. For additional information about our GLBA policies and procedures please refer to our GLBA Information Security Program PDF.
To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104-191, included "Administrative Simplification" provisions that required Health and Human Services (HHS) to adopt national standards for electronic health care transactions. At the same time, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information. To the extent that Leads360 receives Protected Health Information from our clients, Leads360 has established this Information Security Program (Program) to assure compliance with HIPAA.
The Microsoft Gold Certified Partner Program has been created to provide recognition to companies providing Hosting & Application Services that, through the program’s certification process, have demonstrated a consistent, high quality delivery of solutions built on Microsoft technology and the .NET Framework. The program only awards certification status for those specific hosted or application services that meet eligibility qualifications, proven service quality, and operational readiness benchmarks. Leads360, in conjunction with our partner Data Return, has met these standards since the inception of the Gold Certified program.
HP’s SP Certification program provides confirmation and recognition in the industry that a Service Provider (SP) is able to consistently deliver reliable services to a defined standard based upon industry best practice. The criteria employed during the assessment phase represent a very high standard of service infrastructure and have been drawn from a combination of HP’s extensive experience in the design and support of enterprise-level business-critical solutions, and industry best practice such as OGC IT Infrastructure Library (ITIL).
Two levels of certification are offered: SP Certified, based on an assessment of the IT infrastructure used to deliver a named service; and SP Signature Certified, based on an end-to-end assessment of all relevant IT infrastructure and service management practices involved in the delivery of the named service. Leads360, in conjunction with our partner Data Return, has held Signature Certified status since the inception of the HP SP certification program.