Compliance & Security
The Evolve IP Compliance CloudTM
With a dedicated compliance and certifications practice, Evolve IP offers our customers confidence with The Compliance CloudTM. In addition to SSAE- 16 SOC II compliance, Evolve IP has been rigorously audited and achieved standing compliance for government (ITAR) and healthcare (HIPAA). The company also features one of the broadest sets of cloud service provider certifications in the nation including: VMware, Cisco, EMC, Microsoft, Citrix, and Polycom.
In addition to cloud security, Evolve IP enables IT departments to minimize the risk, complexity and ultimately cost of managing corporate data, especially around email. Evolve IP delivers solutions that help organizations protect the security, integrity and availability of information within their businesses.
Learn more about email security, archiving and continuity.
SSAE 16 Service Organization Control II (SOC 2)
Evolve IP has received an SSAE 16 SOC 2 Type II report on our internal controls relating to how we assess and address the potential risks associated with the security, availability, and confidentiality of not only the cloud-based services that we provide, but also our physical and logical infrastructure. Evolve IP utilizes the Certified Public Accounting firm of Grant Thornton to perform its annual audit and attestation in accordance with the Statements on Standards for Attestation Engagements No. 16 and the associated Trust Services Principles, as published by the AICPA, to evaluate the effectiveness of Evolve IP’s service organizations controls.
International Traffic in Arms Regulations Compliant (ITAR)
The Compliance Cloud™ supports U.S. International Traffic in Arms Regulations (ITAR) compliance. As part of managing a comprehensive ITAR compliance program, companies subject to ITAR export regulations must control unintended exports by restricting access to U.S. persons and restricting the physical location of that data to the U.S.
The Compliance Cloud™ provides an environment physically located in the U.S. and where access by Evolve IP associates is limited to U.S. persons, thereby allowing qualified customers to transmit, process, and store protected articles and data subject to ITAR restriction. The Evolve IP Compliance Cloud™ environment has been audited by and independent third-party to validate the proper controls are in place to support customer export compliance programs for this requirement.
Download an ITAR-focused cloud brief to learn more about how The Evolve IP Compliance Cloud™ meets, and in many instances exceeds compliance requirements for transmitting, processing, and storing protected articles and data subject to ITAR restriction.
Health Insurance Portability & Accountability Act (HIPAA)
The Privacy regulations of the U.S. Health Insurance Portability and Accountability Act (HIPAA) require health care providers, organizations, and their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI — paper, oral, and electronic, etc. Those who fail to adhere to HIPAA can suffer from huge fines climbing into the millions of dollars for major violations.
The Compliance Cloud™ fully enables covered entities and their business associates subject to HIPAA regulations to leverage a secure environment to process, maintain, and store protected health Information (PHI) featuring among other controls:
- Military-grade data encryption in transit and at rest
- Password protected access to backups
- Redundant secure data centers
Download a HIPAA-focused cloud brief to learn more about how The Evolve IP Compliance Cloud™ meets, and in many instances exceeds compliance requirements for transmitting, processing, and storing Protected Health Information (PHI).
The Federal Risk and Authorization Management Program (FedRAMP)
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The program standardizes how the Federal Information Security Management Act (FISMA) applies to cloud computing services.
FedRAMP process are designed to assist agencies in meeting FISMA requirements for cloud systems. The FedRAMP assessment is primarily based on the NIST SP800-53 rev4 control standards. FedRAMP is required for all agencies or cloud service providers that currently use, host, or want to host federal information in a cloud environment.
Evolve IP has gone through an assessment of The Compliance Cloud™ verifying that the controls are in place to meet the FedRAMP requirements for a low-impact risk environment.
Evolve IP is also an Approved Scanning Vendor (ASV) of the PCI (Payment Card Industry) Security Standards Council. Approved Scanning Vendors are organizations that validate adherence to certain DSS (Data Security Standards) requirements by performing vulnerability scans of Internet facing environments of merchants and service providers. Evolve IP also has distinction in being designated as a former Qualified Security Assessor (QSA) with the PCI council. The Payment Card Industry (PCI) Qualified Security Assessor (QSA) designation is conferred by the PCI Security Standards Council to those individuals and organizations that meet specific information security education requirements, have taken the appropriate training from the PCI Security Standards Council, are employees of a Qualified Security Assessor (QSA) company Approved PCI Security and Auditing Firm, and will be performing PCI compliance assessments as they relate to the protection of credit card data.
CSA STAR – Participating Member
Evolve IP is also a registered and participating member of the CSA Security, Trust & Assurance Registry (STAR). The CSA was formed to encourage transparency of security practices within cloud providers. It is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CSA STAR is open to all cloud providers, and allows them to submit assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences. CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator.
Evolve IP has the broadest set of cloud certifications in North America including:
- Cisco CMSP Master
- Cisco IaaS
- Cisco DRaaS
- Cisco DaaS
- EMC CSP
- VMware VSPP
- Microsoft CSPMicrosoft Mobility
- Microsoft SCA
- Polycom Platinum Provider
Evolve IP associates are dedicated to learning and growing their knowledge. Today on our staff you’ll find associates that hold multiple certifications for the following:
- Cisco SMB
- Cisco SMB Engineer
- MS 365
- Windows 7
- VMware VSP5
- VMware VTSP
- VOP CP
Industry and Other Vendor Certifications
- Six Sigma
- Red Hat
Evolve IP Secure Data Sovereignty and Security Management Practices
From its inception, Evolve IP recognized that security management and data integrity were not just important features and nice to haves, they are critical requirements demanded by enterprise customers and those subject to formal compliance regulations.
Experience you can trust
Evolve IP is a Managed Security Services Provider (MSSP) with longstanding experience in protecting, reporting and auditing enterprise customer networks. Products and services range from perimeter security (premise based or in the cloud) protection to ongoing vulnerability assessments and remediation.
These reports are available to qualifying customers to assist in audits, process design and provider competence evaluation. These reports attest that our security management and control program is appropriately designed and the controls defined to safeguard customer data are operating effectively over time. This allows our customers to leverage the power of the cloud but be completely confident that the applicable processes, technologies and controls are in place to provide the highest level of protection and compliance enablement in securing, processing and storing any type of sensitive data. This includes financial reporting data, healthcare patient data (PHI, ePHI) as defined by HIPAA and credit card processing as defined by PCI DSS 2.0.
These reports, certifications and affiliations differentiate Evolve IP from other service providers by demonstrating that we understand and have mitigated the risks within our environment (and by extension, our Customers’ environments) by proactively deploying audited and attested technology, processes and appropriate controls. It is for these reasons that Evolve IP has led the market in Cloud Services Securitization.