DTI’s data security and privacy standards are among the industry’s best practices. DTI’s Information Security and Compliance team is responsible for all aspects related to protecting the confidentiality, privacy and integrity of client and corporate data for DTI. The team’s undivided attention remains focused on both creating and maintaining policies, standards and procedures for information security and data privacy. This includes monitoring compliance with internal information security policies and external regulatory and contractual requirements, as well as maintaining existing and achieving new security standards and certifications.
Formulation of Risk Mitigation Strategy
DTI has formulated a risk mitigation strategy that leverages existing international and domestic standards regarding information protection, privacy and general security practices. Standards have been incorporated where such adoption would prove beneficial to the client base and general operations.
- ISO 27000 – Formerly ISO 17799 and BS 7799, these two standards provide guidance on the establishment of risk awareness, policy and security expertise in the format of a security forum, master security policy and compliance management expertise.
- HIPAA – Medical information is secured from unauthorized access, tampering and general threat to privacy through the inclusion of HIPAA compliance processes established throughout the organization.
- PCI DSS – Credit card information is secured from unauthorized access, tampering and general threat to exposure through the inclusion of PCI Data Security Standards compliance processes established throughout the organization.
- GLBA – The Gramm-Leach-Bliley Act provides regulatory requirements regarding the protection of client financial information. Policies derived through the ISO 27000 program provide compliance measures meeting all aspects of GLBA guidelines and requirements.
- SOC 2 – The American Institute of CPAs (AICPA) Service Organization Controls 2 (SOC 2) security report demonstrates that DTI has met criteria for controls as a service organization for its data center security, redundancy, and disaster recovery.
- Safe Harbor – The European Union’s privacy protection regulations serve to outline protection mechanisms required of data stores containing US, EU and Swiss citizen personal information.
Security & Privacy
The security, integrity and privacy of client data entrusted to our hosting services are a critical focus of our day-to-day operational activities. To ensure the highest level of client data protection, DTI has created multiple, redundant layers of security and related processes.