Fully Compliant

Whether you are looking for HIPAA Compliant Solutions, PCI Compliance, SSAE 16 (SOC 1) TYPE II (Formerly SAS 70), Nuvola Technologies has the best solution for you to meet

Deerfield Beach, Florida U.S.A.

This Data Center is SSAE16 (SOC 1) TYPE II (Formerly SAS 70) II certified and offers fully compliant hosting allowing our clients to fulfill the requirements of SSAE16 internal audits as well as SAS70 Type II audits. It is ideal for companies doing business with Government, Retail, Media & Entertainment, Financial Institutions or Healthcare. Providing all the required redundancies so as to guarantee high availability in addition to physical security, controls, environmental security, network monitoring, problem escalation and support.

This Data Center is a Tier IV Enterprise-Class Data Center. This is the highest level of service a datacenter can offer. Redundancies are in place to deter any type of outage, including redundant components within redundant appliances for power, networking, and cooling. This allows for absolute minimum downtime, even during a worst-case scenario of an unplanned failure.

The Data Center has one of the most advanced 7-point military-grade access control security protocols; featuring multiple Man-Traps, Fingerprint Biometrics, and Facial Recognition security.

Compliance & Certifications


aicpa2The Data Center is SSAE16 and SAS70 Type II certified, it offers fully compliant hosting allowing our clients to fulfill the requirements of SSAE16 internal audits as well as SAS70 Type II audits. While “SAS 70″ has been the dominant in-depth audit of a third-party service organizations over the last many years, the original Statement on Auditing Standards (SAS) No. 70 is actually one of many periodic statements issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). This certification confirms The Data Center’s controls are designed effectively, described accurately, and are in operation. To achieve SAS 70 Type II status, the auditor also certifies the controls have operated effectively over a period of time beyond the initial audit date.


soc2Confirms clients we use systems to protect their data. It audits security, availability, process integrity, privacy and confidentiality in your data hosting environment. SOC 2 hosting assures your service provider has all of the best internal practices in the right place. SOC 2 is a rigorous audit that is challenging for services organizations. SOC 2 measures and reports on a service organizations controls. SOC 2 reports on controls independent of an SSAE 16 (SOC 1) audit, and refers to controls specifically related to IT/data center service providers. The SOC 2 report affects companies that host or store large amounts of data, particularly data centers. A SOC 2 Report focuses on controls, called Trust Services Principles, related to security, availability, confidentiality, processing integrity and privacy—validating that the system is protected against unauthorized physical and logical access, for example.


soc3While the SOC 2 is a confidential report, the SOC 3 report is publicly available. The SOC 3 report contains the auditor’s letter and summary opinion on the effectiveness of data center controls, A management attestation letter, and a system description of the services provided and under the scope of the audit. While all of the necessary certification can be found in the report, it is less detailed and technical than a SOC 2 report that lists all of the tests performed by an independent auditor and test results. Online Tech’s hosting solutions have been audited to prove certified SOC 3 hosting. SOC 3 is a summary Trust Services Report that documents assurances on Latisys’ controls related to the Security principle but without the detailed description of tests and results contained in SOC 2. SOC 3 hosting delivers an auditor’s opinion of SOC 2 components with the additional seal of approval needed to ensure you are hosting with an audited and fully-compliant data center. A SOC 3 report is a general use report that can be distributed publicly by anyone to demonstrate that proper controls are in place within the data center system and design.

HIPAA – Health Insurance Portability and Accountability Act

hippa2HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. HIPAA Regulates the use and disclosure of an individual’s health information and gives patients greater control over the use of their health information. HIPAA Compliant Colocation includes access to our uninterruptible power, network and AC infrastructure at our secure, high availability data centers to ensure PHI availability. Critical data and applications are safe with our firewall and IDS/IPS protection. HIPAA compliance relies more on process than simply technology, and The Data Center’s compliant colocation solutions work to ensure that all compliance requirements are met on both fronts. The Data Center services include an SSAE 16 (SOC 1) TYPE II (Formerly SAS 70) audited and certified data center. We are a trusted medical and health care partner with nearly 20 years of experience and established credentials. We have been there, done that, and can make it happen for you.

PCI DSS – Payment Card Industry Data Security Standard

PCIlogoThe PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes.Compliance with the PCI Data Security Standard (PCI DSS) is vital for all merchants who accept credit cards, online and offline. Through the use of PCI DSS standards, server hosting procedures are implemented to ensure a secure environment for credit card processing. The standards are updated by the Council, as needed, to stay up-to-date with new or modified requirements. To be considered PCI DSS compliant, businesses must meet all of the required standards sufficiently. The Council is responsible for managing the security standards, while compliance with the PCI Security Standards is enforced by the payment card brands. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.

Proven Experience

  •   Infrastructure
  •   Virtualization Technologies
  •   Security
  •   Microsoft & Linux
  •   Citrix technologies
  •   Oracle
  •   Open source technologies
  •   Database administration
  •   Business intelligence
  •   Web & mobile technologies


  •   Elite team of in-house Experts
  •   Specialists in current technologies
  •   Security experts
  •   Experience in cyber-defense
  •   Experience in the private sector
  •   Experience with the U.S. government
  •   International experience
  •   Microsoft SPLA partner
  •   Citrix CSP partner

Security Team you can trust

Unlike the vast majority of MSPs whose engineers rely on the hardware they purchase to provide protection, Nuvola Technologies’ security team includes members who've worked as Network Engineers for the United States Department of Defense; they understand what is happening on your network on a fundamental level, and will go above and beyond the norm to provide you with a security experience that is unavailable with any other provider. Members of our team were hand-selected by the United States government to assist in the creation of cyber-defense policies in the wake of recent events....