Lyve Cloud Object Storage Product Features 

Lyve Cloud Compliance

This chapter provides a summary of the key certifications and compliance requirements that organizations should consider when selecting and implementing cloud services. From HIPAA to ISO 27001 to SOC 2, this guide covers the most widely recognized standards and best practices for cloud security and privacy. It explains why these certifications and requirements are critical to ensure the protection of sensitive information in the cloud.

HIPAA

Seagate designed Lyve Cloud to be a leading cloud storage solution for the healthcare sector, built on core principles of resilience, compliance, performance, and value. Recognized by Health and Human Services (HHS.org) as a No View SaaS provider, Lyve Cloud ensures that customer data remains fully protected. Lyve Cloud's standards-based architecture enables exceptional levels of security and regulatory compliance, setting it apart in the cloud storage market.

Lyve Cloud delivers high-availability, hot-tier object storage at the cost of archival storage, offering unmatched value for healthcare organizations. Unlike legacy providers, Lyve Cloud was built with modern security-first principles, resulting in fewer vulnerabilities and a more robust infrastructure.

Lyve Cloud has a HIPAA Compliant report

A HIPAA (Health Insurance Portability and Accountability Act) compliant cloud is expected to meet certain standards to ensure the protection of sensitive health information. The following are some of the key expectations of a HIPAA-compliant cloud:

  • Security: The provider must have strong security measures in place to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). This includes encryption, access controls, and audit logs.
  • Privacy: The provider must have strict privacy policies and procedures in place to ensure that ePHI is only accessed by authorized individuals. This includes limiting access to ePHI, conducting background checks on employees, and training employees on privacy and security.
  • Compliance: The provider must comply with all HIPAA regulations, including the HIPAA Security Rule, the HIPAA Breach Notification Rule, and associated policies, procedures, and documentation.
  • Business Associate Agreement: The provider must sign a Business Associate Agreement (BAA) with its clients to ensure that they understand and agree to comply with HIPAA regulations.
  • Disaster Recovery and Business Continuity: The provider must have a disaster recovery and business continuity plan in place to ensure that ePHI can be recovered in the event of a disaster or data loss.
  • Monitoring and Auditing: The provider must regularly monitor and audit systems and processes to ensure that they comply with HIPAA regulations and to identify and address any potential security or privacy breaches.
  • Technical Support: The provider must provide technical support to their clients to ensure that they can effectively use the cloud and resolve any issues that may arise.

It is important to note that the responsibility for ensuring HIPAA compliance does not rest solely with the cloud provider. The entity using the cloud (known as the covered entity) must also ensure that they comply with HIPAA regulations.

ISO 27001

ISO 27001 is an internationally recognized standard for information security management. It defines a framework of best practices and controls designed to safeguard sensitive data. A cloud service certified under ISO 27001 is expected to meet the following core requirements:

  • Information Security Management System (ISMS): The cloud provider must maintain a comprehensive ISMS that governs the protection of sensitive information. This system should encompass all facets of security, including access control, incident response, risk management, and business continuity.
  • Security Controls: Robust security controls must be in place to defend against threats. These include, but are not limited to, encryption, access management, firewalls, and intrusion detection/prevention systems.
  • Risk Management: A proactive risk management process is essential. The provider must regularly identify, assess, and mitigate risks through security assessments, threat modeling, and the implementation of appropriate safeguards.
  • Data Privacy: Strict data privacy policies and procedures must ensure that sensitive information is accessed only by authorized personnel and handled in compliance with relevant regulations. 
  • Business Continuity and Disaster Recovery: The cloud service must have tested plans for business continuity and disaster recovery to ensure data protection and service availability during disruptions or data loss events.
  • Monitoring and Auditing: Continuous monitoring and regular audits are required to verify compliance with ISO 27001 and to detect and respond to potential security or privacy incidents.
  • Technical Support: The cloud service must provide technical support to their clients to ensure that they can effectively use the cloud and resolve any issues that may arise.
  • Continual Improvement: The provider must implement a continuous improvement process to ensure its security controls and procedures are regularly updated to address emerging threats and evolving risks.

A cloud service with an ISO 27001 certificate is expected to have a comprehensive and robust approach to information security management covering all aspects of information security, including but not limited to risk management, data privacy, business continuity, and monitoring and auditing.

Type 2 SOC 2

Lyve Cloud has a Type 2 SOC 2 Attestation report

A SOC 2 attestation is a third-party assessment of a cloud service provider's controls related to the security, availability, processing integrity, confidentiality, and privacy of the information processed by the service. Type 2 SOC 2 attestation specifically refers to an assessment of the cloud service provider's controls over a period of time (typically six months or more).

A cloud service provider that has received a Type 2 SOC 2 attestation is expected to meet the following expectations:

  • Information Security: A robust security program must be in place to safeguard sensitive data. This includes implementing access controls, encryption, firewalls, and regular monitoring and auditing of systems.
  • Availability: The provider must ensure high service availability through redundant infrastructure, real-time monitoring, and a well-defined disaster recovery strategy.
  • Processing Integrity: Controls must be implemented to guarantee the accuracy and reliability of data processing. This includes validation mechanisms, error detection, and audit trails.
  • Confidentiality: Strict policies and procedures must protect sensitive information, ensuring access is limited to authorized individuals only.
  • Privacy: A comprehensive privacy program must be in place to meet the requirements of relevant privacy regulations and standards such as GDPR or HIPAA.
  • Monitoring and Auditing: The provider must regularly monitor and audit systems and processes to ensure that they comply with SOC 2, and to identify and address potential security or privacy breaches.
  • Technical Support: Clients must have access to technical support to ensure that they can effectively use their services and resolve issues.
  • Continual Improvement: The provider must maintain a continuous improvement process to adapt its security controls and practices to evolving threats and industry standards.

Lyve Cloud’s Type 2 SOC 2 attestation reflects a comprehensive and proactive approach to information security, privacy, and availability. It assures customers that their data is protected by industry-leading controls and that the platform is built for trust, resilience, and compliance.

Summary

Certifications and compliance are essential to establishing trust and confidence in Lyve Cloud. They demonstrate alignment with legal and regulatory standards, reinforce strong security practices, support effective risk management, and offer a competitive edge in the cloud services market.

Lyve Cloud holds several key international certifications and attestations, reflecting its commitment to security, privacy, and operational excellence. This list continues to grow, driven by ongoing customer feedback and evolving industry requirements.