More Secure, More Reliable.
Data Centers are the workhorses of the Internet. Storing data, Protecting data, Replicating and Expanding it.
Clouds, Wireless, Physical security, network security, power and network reliability, energy efficiency… all start with the data center.
Choose the best data centers. Choose AiNET.
Massive Power. Massive Storage. Massive Fiber.
Data center power, grow as you need. Colocation offers your equipment in a secure, highly efficient data center to meet your needs. Virtualized Hyperconverged, Private Cloud, Hybrid or anything you need!
Virtualized Hyperconverged, Private Cloud, Hybrid or anything you need!
Low-latency, secure, private direct connections to every cloud and data center on the planet. Delivered in days from 1Gb/s to 400Gb/s.
With Storage-as-a-Service from AiNET your organization can instantly access data, across a wide array of hardware platforms, anywhere in the world. Our object-based storage supports business continuity planning as well as remote office environments and is highly secure and compliance ready.
Cloud storage creates huge operational efficiencies for our data-heavy clients. Our cloud storage is reliable, accessible, and scalable, designed to grow with your business.
We understand how valuable your data is to your organization. Our mission is to ensure that you can instantly access it, anytime, anywhere.
AiNET understands your challenge, and we have a way to solve it for you. Our in-building communications solution brings high-quality internet service to your building and tenants, and connects it with systems which protect your whole building with life-safety communication technologies in a cost-effective, turnkey way.
AiNET offsets 100% of its carbon footprint in credits and green renewable energy sources.
The CMMC model has five defined levels, each with a set of supporting practices and processes, illustrated in Figure 2. Practices range from Level 1 (basic cyber hygiene) and to Level 5 (advance/progressive). In parallel, processes range from being performed at Level 1, to being documented at Level 2, to being optimized across the organization at Level 5. For more information, visit the CMMC website.
Centers for Medicare & Medicaid Services “Meaningful Use” Incentive Program: The EHR Incentive Program establishes requirements for the electronic capture of clinical data, including providing patients with electronic copies of health information, and ensures that the meaningful use of EHRs supports the aims and priorities of the National Quality Strategy. For more information, visit the CMS website.
Director of Central Intelligence, Directive 6/9: Standard addressing the construction, access control and alarming of a Sensitive Compartmented Information Facility (SCIF). Still widely-known, although it has been replaced by ICD 705.
DoD Information Assurance Certification and Accreditation Process
Electronic Healthcare Network Accreditation Commission: EHNAC is an independent, federally recognized, standards development organization designed to improve transactional quality, operational efficiency and data security in healthcare. For more information, visit the EHNAC website.
Needs content
Issued by the National Institute of Standards and Technology, the Federal Information Processing Standards (FIPS) 140 Series are security standards dealing with hardware and software cryptography modules.
Federal Information Security Management Act. Active High/Moderate/Low ATO.
Need content
Health Insurance Portability and Accountability Act
Health Information Technology for Economic and Clinical Health: The HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, promotes the adoption and meaningful use of health information technology, addressing the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules. For more information, visit the Department of Health and Human Services website.
Health Information Trust Alliance: HITRUST develops, maintains and provides broad access to its common risk and compliance management and de-identification frameworks, and related assessment and assurance methodologies, as well as programs supporting cyber sharing, analysis and resilience. HITRUST also leads many efforts in advocacy, awareness and education relating to information protection. For more information, visit the HITRUST Alliance website.
Intelligence Community Directive 705.2/705.3: The successor set to DCID 6/8, ICD 705.2 addresses Construction of SCIFs Within the United States (including U.S. Trusts, Territories and Possessions) while 705.3 addresses foreign locations.
International Fire Code Requirements
Section 510.01 – All new buildings shall have approved radio coverage for emergency responders within the building based upon the existing coverage levels of the public safety communication systems of the jurisdiction at the exterior of the building. This section shall not require the improvement of the existing public safety communications systems.
Section 510.4.2.1 – Buildings and structures which cannot support the required level of radio coverage shall be equipped with a radiating cable system, a distributed antenna system with Federal Communications Commission (FCC)-certified signal boosters, or other system approved by the fire code official in order to achieve the required adequate radio coverage.
Take the necessary steps to protect your property, tenants, and business. Reach out to AiNET today to schedule your totally free NFPA-compliance consultation, and rest easy knowing your building is covered by the experts.
24.5.2.2.1 – Critical Areas, such as the fire command center(s), the fire pump room(s), exit stairs, exit passageways, elevator lobbies, standpipe cabinets, sprinkler sectional valve locations, and other areas deemed critical by the authority having jurisdiction, shall be provided with 99 percent floor area radio coverage
24.5.2.3.1 – A minimum inbound signal strength of -95dBm, or other signal strength as required by authority having jurisdiction, shall be provided throughout the coverage area.
24.5.2.2.3 – Buildings and structures that cannot support the required level of coverage shall be equipped with radiating cable system or distributed antenna system (DAS) with FCC-certified signal booster, or both, or with a system that is otherwise approved, in order to achieve the required adequate coverage.
National Institute of Standards and Technology Standards on Cloud computing and security
Payment Card Industry Data Security Standard: An information security standard for organizations that handle cardholder information for credit cards, debit cards, etc.
The Sarbanes–Oxley (“SOX”) law defines mandates and requirements for financial reporting.
SAS 70 provides guidance to service auditors when assessing the internal controls of a service organization. The more-stringent SAS 70 Type II certification report includes the service auditor’s opinion on the fairness of the presentation of the service organization’s description of controls that had been placed in operation and the suitability of the design of the controls to achieve the specified control objectives.
The Service Organization Control (SOC) 1 Report (Service Organization Controls Report) is a report on Controls at a Service Organization which are relevant to user entities’ internal control over financial reporting. The SOC1 Report is what you would have previously considered to be the standard SAS70, complete with a Type I and Type II reports, but falls under the SSAE 16 guidance.
The Service Organization Control (SOC) 2 Report will be performed in accordance with AT 101 and based upon the Trust Services Principles, with the ability to test and report on the design (Type I) and operating (Type II) effectiveness of a service organization’s controls (just like SOC 1 / SSAE 16). The SOC 2 report focuses on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system, as opposed to SOC 1/SSAE 16 which is focused on the financial reporting controls.
The SOC 3 Report, just like SOC 2, is based upon the Trust Service Principles and performed under AT101, the difference being that a SOC 3 Report can be freely distributed (general use) and only reports on if the entity has achieved the Trust Services criteria or not (no description of tests and results or opinion on description of the system). The lack of a detailed report requires that a SOC 3 be performed as a Type II, unlike SOC 1 and SOC 2 where there is a Type I option. SOC 3 reports can be issued on one or multiple Trust Services principles (security, availability, processing integrity, confidentiality, and privacy) and allow the organization to place a seal on their website upon successful completion. The Trust Service Principles were designed with a focus on e-commerce systems due to the amount of private/confidential/financial information that flows across the internet daily. When a customer processes a transaction (online retailer), builds a business on your service (SaaS providers), or submits private information, they want to know best practices are being followed by the company to guard against security leaks, lost sales, and damaged data. The most common reports based upon the trust principles are referred to as WebTrust and SysTrust.The SysTrust review encompasses a combination of the following principles:Security: The system is protected against unauthorized access (both physical and logical).
Availability: The system is available for operation and use as committed or agreed.
Processing Integrity: System processing is complete, accurate, timely, and authorized.
Confidentiality: Information designated as confidential is protected as committed or agreed.The WebTrust certification can fall into the following four categories:
WebTrust. The scope of the engagement includes any combination of the trust principles and criteria .
WebTrust Online Privacy. The scope of the engagement is based upon the online privacy principle and criteria.
WebTrust Consumer Protection. The scope of the engagement is based upon the processing integrity and relevant online privacy principles and criteria.
WebTrust for Certification Authorities. The scope of the engagement is based upon specific principles and related criteria unique to certification authorities.
SSAE-16 is an enhancement to the current standard for Reporting on Controls at a Service Organization, the SAS70. The changes made to the standard will bring your company, and the rest of the companies in the US, up to date with new international service organization reporting standards, the ISAE 3402.
SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16, and, SAS 70. The changes made to the standard this time around will require companies to take more control and ownership of their own internal controls around the identification and classification of risk and appropriate management of third party vendor relationships. These changes, while, not overly burdensome, will help close the loop on key areas that industry professionals noted gaps in many service organization’s reports.
SSAE18 is now effective as of May 1, 2017, and if you have not made the necessary adjustments required, now is the time to find a quality provider to discuss the proper steps. All organizations are now required to issue their System and Organization Controls (SOC) Report under the SSAE-18 standard in a SOC 1 Report. The SOC 1 report produced will look and feel very similar to the one issued under SSAE-16, it will just contain a couple of additional sections and controls to further enhance the content and quality, and thus, the ability for third parties to rely on.
What’s New in SSAE 18?
As mentioned above, there are a couple of key changes that AiNET confirms it has:
The SysTrust review encompasses a combination of the following principles:Security: The system is protected against unauthorized access (both physical and logical).
Highest level data certification designated by the Telecommunications Industry Association (TIA) and sanctioned by the American National Standards Institute (ANSI). The hallmark of a TIA-942 Tier IV data center is a design/implementation that offers not just concurrent maintainability, but also fault tolerance – the ability of the data center to withstand the loss of one or more major systems. See thorough system block diagrams of AiNET’s certified TIA-942 Tier IV design/implementation.
Availability: The system is available for operation and use as committed or agreed.
Processing Integrity: System processing is complete, accurate, timely, and authorized.
Confidentiality: Information designated as confidential is protected as committed or agreed. The WebTrust certification can fall into the following four categories:
The scope of the engagement includes any combination of the trust principles and criteria.
WebTrust Online Privacy. The scope of the engagement is based upon the online privacy principle and criteria.
WebTrust Consumer Protection. The scope of the engagement is based upon the processing integrity and relevant online privacy principles and criteria.
WebTrust for Certification Authorities. The scope of the engagement is based upon specific principles and related criteria unique to certification authorities.