From the blog

Security and Compliance: Rescale's Independent External Audit

compliance
The security of customers’ information is of utmost importance to Rescale. While many of the steps we take to protect customers’ information are outlined on our Security page, new customers may have doubts about the effectiveness of the systems and controls we provide to protect their data. That’s where a trusted third-party can provide some reassurance. Our team here at Rescale recently brought in an independent auditor to perform an objective review of the controls Rescale has in place, to ensure that customers’ information is stored in a secure manner and available when needed.
We elected to pursue a Service Organization Control (SOC) 2 report as defined by the American Institute of CPAs® (AICPA®). The SOC 2 report addresses the following key features of a system, which in Rescale’s case is the cloud engineering simulation platform:
Security
The system is protected against unauthorized access (both physical and logical).
Availability
The system is available for operation and use as committed or agreed.
Processing integrity
System processing is complete, accurate, timely and authorized.
Confidentiality
Information designated as confidential is protected as committed or agreed.
Privacy
Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants.
There are two types of SOC 2 reports, appropriately named Type 1 and Type 2. A Type 1 report describes the controls that are in place to address the features described above, along with the auditor’s opinion on the adequacy of those controls. A Type 2 report includes all the information in a Type 1 report, as well as a list of tests the auditors performed to verify the controls and the results of those tests. Examples of the tests performed include, reviewing a log file from a randomly selected date to verify that an appropriate audit message was recorded, reviewing third-party uptime evaluations, or verifying that a customer issue was appropriately tracked from the initial report to resolution.
Rescale received its Type 1 report from an independent auditor in June of 2013, and its Type 2 from that same auditor for the period from June 1st to November 30th. Going forward, Rescale will have annual audits to ensure that customers know a third-party organization regularly reviews the controls in place to protect their information.
To learn more about Rescale, please visit, www.rescale.com. To begin using Rescale for engineering and science simulations, please contact info@rescale.com.

Related articles

HPC+ Core Type Offers Improved Performance

Here at Rescale, we are very excited to introduce into production a new hardware profile – the “HPC+” compute configuration. This compute type has improved compute and interconnect capabilities coupled with SSD storage, yielding significantly improved performance. During beta testing, […]

read more »

Building a Digital Twin? Consider a Vendor-Agnostic HPC Cloud

This article originally appeared on ENGINEERING.com. To see the full article, click here. The concept of the digital twin brings versatility to the engineering world. By creating a virtual representation of a product, engineers can investigate designs to further product […]

read more »