Compliance Programs and Certifications

SSAE 16 SOC 2 Certification

In today's business market, service organizations are looking for a partner who can help them deploy IT infrastructure services and maintain the controls and measures that comply with their local and corporate requirements. One of eSecureData's core missions is to help businesses meet their SSAE 16 certification requirements in accordance with AT 101 (formerly the SAS70 and CSAE 3416 Type II), which meets the new international service organization standards for Type I and Type II reporting.

We achieve this by building a solid foundation around SSAE 16 requirements, including physical security, data storage/security and control procedures, so that your company can feel confident that your data is in trusted hands. As a result, customers who have web hosting services with us, including dedicated servers, virtual servers (VPS), cloud servers, cloud computing, cloud storage and/or shared hosting, can feel confident that they are in a secure, reliable and effective environment with the proper controls for internet operations and highly available IT services.

The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) issues the SSAE 16 Type II (formerly SAS 70) to service organizations that typically offer outsourced services. An auditor's report details a service provider's ability to offer adequate controls and safeguards when it hosts or processes data belonging to its customers.

ISO 27002

Critical to our ongoing business improvements, eSecureData has implemented the guidelines and principles established by ISO 27002 for security management in our organization, including the designated best-practice control objectives and controls in the following areas of information security management:

  • security policy
  • organization of information security
  • asset management
  • physical and environmental security
  • communications and operations management
  • access controls
  • information systems acquisition, development and maintenance
  • information security incident management
  • business continuity management
  • compliance

As a company, we have developed and implemented organizational security standards and effective security management practices, and can give our clients reassurance that their business and governance requirements can be met.

PIPEDA

eSecureData is fully compliant with PIPEDA (the Personal Information Protection and Electronic Documents Act) and helps companies meet the mandatory provisions for the protection of personal information. These provisions include, but are not limited to, the following:

  • Consent must be garnered for collection of personal information
  • Collection of personal information limited to reasonable purposes
  • Limits use and disclosure of personal information
  • Limits access to personal information
  • Stored personal information must be accurate and complete
  • Designates the role of the Privacy Officer
  • Policies and procedures for breaches of privacy
  • Measures for resolution of complaints
  • Special rules for employment relationships

PHIPA

eSecureData is PHIPA (Personal Health Information Protection Act) compliant. PHIPA is similar to HIPAA (Health Insurance Portability and Accountability Act) and is often considered the Canadian equivalent. Customers should note that under PHIPA, responsibility for the stored information, and for obtaining user consent, rests with the healthcare provider that obtains and maintains the data, not with the hosting provider. eSecureData is 100% Canadian-owned and -operated, and all servers and infrastructure are located in Canada.

As the hosting provider, eSecureData fulfills the requirements indicated by the Information and Privacy Commissioner of Ontario. We ensure the following:

  • Notify the custodian of any privacy breach as soon as possible
  • Provide a plain-language description of our services
  • Provide an audit trail feature to track the use of our database
  • Maintain a written risk assessment of the system
  • Maintain written privacy policies

For additional information, visit or contact us at

What This Means for Our Customers

Customers can now outsource web-hosting services, including dedicated servers, virtual servers (VPS), cloud servers and/or shared hosting, to a provider that already meets SSAE 16 requirements. In doing so, you can focus your company's time, money, and manpower on core functions that will drive additional revenue to your business. Here are some examples of the SSAE 16 compliance controls and physical security measures that eSecureData's hosting environment provides:

  • Facilities and asset management
  • Logical access and access control
  • Network and information security
  • Computer operations
  • Backup and recovery
  • Change and incident management
  • Organizational and administrative controls
  • Security policies, reporting, and monitoring
  • Physical and logical security

SSAE 16 Compliant Web Hosting and Security Features:

eSecureData is the industry leader in delivering 100% Canadian web hosting solutions for businesses requiring an SSAE 16 certification for their web hosting environment. When combined with our enterprise-grade web hosting hardware and a secure hosting environment featuring many leading technologies, including our Unified Security Services, eSecureData will help you achieve compliance.

  • SSL capability
  • Enterprise-level, application-level protection
  • Hardware/Software firewall
  • IP-Restricted FTP
  • Managed backups with guaranteed retention
  • Advanced 24/7 monitoring
  • Multi-level intrusion prevention (IPS/IDS)
  • Anti-Spam, Anti-Malware, Anti-Virus
  • Log Management