Security and Compliance
As an IT professional you need to be able to assure your clients that their data is secure at every step of the process—not just once it’s in the cloud. We take the security and compliance of your clients’ data very seriously.
If you handle Personal Health Information (PHI) for your healthcare clients, you know the importance of complying with United States HIPAA and HITECH regulations. Migrations need to follow these same regulations. BitTitan released the first-ever HIPAA/HITECH-compliant suite of migration products to ensure your data is as secure during your move to the cloud as it is upon arrival. With strict security management processes, advanced technical safeguards, defense-grade encryption algorithms, and rigid information-access controls, we keep information safe and secure—allowing you to focus on completing the project.
PCI
Our data centers are PCI compliant, and around the world are AICPA SSAE 16 (formerly SAS 70 Type II) compliant.
We are certified as a Privacy Shield participant for the purpose of privacy laws and compliance with EU data protection directives.
EU Model Clauses
We have a company-wide compliance program to meet this rigorous standard, and BitTitan can offer the EU Model Clauses to our European customers.
BitTitan products operate outside of the firewall and connect to messaging systems the same way any external user would. There is no need to install third-party software inside of your firewall or network.
Mailbox data (including subjects, bodies, attachments, etc.) are not stored on our servers. In some cases, the data may be cached temporarily in order to optimize network throughput. If cached, rest assured that your data is wiped immediately once that mailbox is done migrating.
Mailbox credentials are stored using military-grade AES encryption. Once credentials are submitted by either the administrator or end user, the credentials cannot be retrieved or seen. The credentials are immediately purged from the system once you delete the configuration with which they are associated.
We have implemented an automatic purge policy that will delete any configuration that is not used. If no migration has been performed within 90 days of your last migration or of the creation of the configuration, whichever is later, we will delete the data from our servers. You can configure this to be a longer or shorter period.
Our data centers are compliant with ISO/IEC 27001/27002:2013, SOC 1 Type 2 and SOC 2 Type 2, PCI DSS Level 1, FISMA, HIPAA/HITECH, CJIS, CSA CCM, FERPA and others. You can select the location of the data center from which migrations will be processed. We offer data center locations in Australia, Europe, North America, Japan, South America, and Southeast Asia.