Compliance

We meet the regulatory requirements of our government and commercial clients and deliver all services from within the United States (on-shore). We also assist and support clients with any client-specific audits they are required to undergo.

Blue Hill is SOC 2 Type 2 (SSAE 18) Compliant

A SOC 2 Type 2 examination, performed by an independent CPA firm under Statement on Standards for Attestation Engagements (SSAE) No. 18, reports on the controls at a service organization and tests whether those controls operated effectively over a defined review period. It validates that the policies and procedures Blue Hill has in place meet the AICPA Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy as they relate to a client’s confidential and critical data. The report aligns with the international attestation standard ISAE 3000 and includes a written assertion from management on the design and operating effectiveness of the data center controls. Because a Type 2 report covers a period of time rather than a single point in time, clients evaluating it should check the period covered, the criteria in scope, and any testing exceptions the auditor noted.


Blue Hill is SOC 1 Type 2 (SSAE 18) Compliant

A SOC 1 Type 2 examination, performed by an independent CPA firm under Statement on Standards for Attestation Engagements (SSAE) No. 18, reports on the controls at a service organization and tests whether those controls operated effectively over a defined review period. It validates that the business-process and information-technology controls Blue Hill has in place meet the SOC 1 (SSAE 18) requirements relevant to user entities’ internal control over financial reporting (ICFR). SOC 1 Type 2 aligns with its international equivalent, ISAE 3402, and includes a written assertion from management on the design and operating effectiveness of the data center controls. User entities’ auditors rely on this report for their own financial statement audits, so clients should confirm that the review period covers their fiscal year.


Blue Hill is PCI-DSS Compliant – Network Services

Blue Hill is enrolled in Trustwave’s Trusted Commerce™ program to validate compliance with the Payment Card Industry Data Security Standard (PCI DSS), which is mandated by all of the major card brands, including American Express, Diners Club, Discover, JCB, MasterCard Worldwide, Visa, Inc. and Visa Europe. Blue Hill provides its PCI DSS Attestation of Compliance (AOC) to clients and completes the quarterly external vulnerability scans by a PCI Approved Scanning Vendor (ASV) that PCI DSS requires to demonstrate ongoing compliance.


Blue Hill is PCI-DSS Compliant – Colocation Services

By successfully completing the annual PCI Data Security Standard (DSS) Version 3.2.1 assessment, Blue Hill has demonstrated full compliance with the PCI DSS requirements and security assessment procedures for the controls in place at its hosted data center facility in Pearl River, NY. Each year a Qualified Security Assessor (QSA) performs an on-site assessment and issues a Report on Compliance (ROC); the accompanying Attestation of Compliance (AOC) declares that all sections of the ROC are complete and that the overall result is COMPLIANT. PCI DSS v3.2.1 was retired by the PCI Security Standards Council on 31 March 2024 in favor of v4.0, so clients should confirm which version the current ROC and AOC were assessed against and check that the AOC’s scope covers the colocation services they use.


TRUSTe

Blue Hill is TRUSTe Privacy Certified

Trusted Website Privacy Certification

Blue Hill’s privacy policy and practices comply with TRUSTe’s program requirements, including transparency, accountability, and choice regarding the collection and use of personal information through our website.

Trusted Cloud Privacy Certification

Blue Hill maintains privacy and security practices for clients of its cloud-hosted platform that demonstrate that the data business clients entrust to Blue Hill for processing, management, and storage is protected and secured, in compliance with the Trusted Cloud Privacy Certification Program Requirements.


Blue Hill is EU-U.S. and Swiss-U.S. Privacy Certified

Blue Hill self-certifies annually to the U.S. Department of Commerce’s International Trade Administration (ITA) that it adheres to the Privacy Shield Principles, and has certified its compliance with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Blue Hill is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland in reliance on the respective Framework to that Framework’s applicable Principles. Note that the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield as a legal basis for EU-to-U.S. transfers in July 2020 (the Schrems II judgment), and the Swiss Federal Data Protection and Information Commissioner concluded later that year that the Swiss-U.S. framework no longer provided adequate protection; both have since been succeeded by the EU-U.S. and Swiss-U.S. Data Privacy Frameworks. Clients relying on this certification for cross-border transfers should confirm the transfer mechanism currently in place.


Blue Hill Personnel are HIPAA HITECH Privacy & Security Certified

Blue Hill employees attend and complete mandatory HIPAA and HITECH compliance training programs to maintain privacy and security practices for Protected Health Information (PHI), as the Privacy and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act require of all workforce members who handle PHI. Clients whose PHI Blue Hill processes or stores should also have a Business Associate Agreement (BAA) in place, which HIPAA requires of any service provider acting as a business associate.


Blue Hill is in Compliance with the Criminal Justice Information Services (CJIS) Security Policy

All Blue Hill solutions and services are tailored to each client’s specific CJIS Security Policy requirements. Compliance with the CJIS Security Policy is not centrally certified; it is verified through the client’s CJIS Systems Agency (CSA) and FBI audits, and requires that personnel with access to Criminal Justice Information (CJI) complete fingerprint-based background checks and security awareness training.


Blue Hill is in Compliance with the IRS Publication 1075 Tax Information Security Guidelines for Federal, State, and Local Agencies through a self-attestation.

Blue Hill complies with the IRS Publication 1075 Tax Information Security Guidelines for Federal, State, and Local Agencies, which govern the handling of Federal Tax Information (FTI), through formally documented physical and logical security policies and data center site audits, as required. All Blue Hill solutions and services are tailored to each agency’s specific Publication 1075 requirements. Agencies that receive FTI remain accountable to the IRS Office of Safeguards for any contractor or data center that stores or processes it, and Publication 1075 requires that such arrangements be reported to the IRS and made available for Safeguards reviews.


Blue Hill is in Compliance with the International Organization for Standardization – ISO/IEC 27001 Standard and Controls.

Blue Hill has adopted an information security management process based on ISO/IEC 27001 (an information security management system, or ISMS, with its Annex A controls) to ensure that its information security controls continue to meet clients’ information security requirements on an ongoing basis. ISO/IEC 27001 is a certifiable standard; clients who need third-party assurance should ask whether the ISMS has been audited by an accredited certification body and what scope the certificate covers. All Blue Hill solutions are customized to meet the specific regulatory requirements of each client.


Blue Hill is in Compliance with MARS-E Volume II, the Minimum Acceptable Risk Standards for Exchanges issued by the Centers for Medicare & Medicaid Services (CMS), through a self-attestation.

Blue Hill maintains vigilance over the protection and integrity of clients’ critical and confidential data, including Protected Health Information (PHI), Personally Identifiable Information (PII), and Federal Tax Information (FTI), through logical and physical security measures that meet and maintain compliance with regulatory and industry security standards as well as the mandates of the Patient Protection and Affordable Care Act of 2010, which MARS-E implements for health insurance exchanges and the entities that administer them.


Blue Hill is GLBA and FFIEC Compliant

By successfully completing annual SOC 1 Type 2 and SOC 2 Type 2 examinations, Blue Hill provides additional assurance of its security and privacy controls to its financial institution clients, and to their customers, who run their processing environments at Blue Hill. As required by the Gramm-Leach-Bliley Act (GLBA), Blue Hill safeguards individuals’ nonpublic personal financial information, limits its collection and disclosure, and maintains appropriate security for its protection. The GLBA Safeguards Rule applies directly to financial institutions and requires them to oversee and periodically assess their service providers; the SOC reports are the evidence Blue Hill supplies for that oversight.

Blue Hill supports the Federal Financial Institutions Examination Council’s (FFIEC) uniform principles, standards, and report forms for the federal examination of financial institutions. Blue Hill follows each client’s data and network security requirements, including multifactor authentication (MFA) for access to client environments, consistent with FFIEC authentication guidance, to protect against security breaches.