Compliance

We meet all regulatory requirements to support our government and commercial clients, providing all services from On-Shore USA. We also assist and support our clients for conducting any specific audit requirements that may be required.

Blue Hill is SOC 2 Type 2 (SSAE 18) Compliant

SOC 2 Type 2 examination reports on Controls at a Service Organization in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 18, and validates that the policies and procedures Blue Hill has in place comply with important SOC 2 Type 2 (SSAE 18) standards regarding security, availability, processing integrity, confidentiality or privacy, relevant to a client’s confidential and critical data. SOC 2 also aligns with international standards and includes a written assertion from management on the design and operating effectiveness of the data center controls.


Blue Hill is SOC 1 Type 2 (SSAE 18) Compliant

SOC 1 Type 2 examination reports on Controls at a Service Organization in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 18, and validates that the policies and procedures Blue Hill has in place comply with important SOC 1 (SSAE 18) standards regarding business process and information technology relevant to user entities’ internal control over financial reporting. SOC 1 Type 2 also aligns with international standards and includes a written assertion from management on the design and operating effectiveness of the data center controls.


Blue Hill is PCI-DSS Compliant – Network Services

Blue Hill is enrolled in Trustwave’s Trusted Commerce™ program to validate compliance with the Payment Card Industry Data Security Standard (PCI DSS) mandated by all the major credit card associations including American Express, Diners Club, Discover, JCB, MasterCard Worldwide, Visa, Inc. and Visa Europe. Blue Hill provides our PCI-DSS AOC and completes quarterly vulnerability scans to demonstrate compliance.


IT, colocation

Blue Hill is PCI-DSS Compliant – Colocation Services

By successfully completing the annual PCI Data Security Standard (DSS) Version 3.2.1 examination, Blue Hill has demonstrated full compliance with PCI DSS requirements and security assessment procedures for the controls it has put in place at its hosted data center facility in Pearl River, NY. Blue Hill receives a Report on Compliance (ROC), which is validated with an annual on-site assessment for Attestation of Compliance (AOC) as a declaration that the results of all sections of the ROC are complete and result in an overall COMPLIANT rating.


IT, HIPAA Compliance

Blue Hill Personnel are HIPAA HITECH Privacy & Security Certified

Blue Hill employees attend and complete mandatory HIPAA and HITECH compliance training programs to maintain privacy and security practices for Protected Health Information (PHI) based on the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.


IT Compliance

Blue Hill is in Compliance with the Criminal Justice Information Services (CJIS) Security Policy

All Blue Hill solutions and services are customized per Client-specific CJIS Compliance requirements. Blue Hill is in Compliance with the Criminal Justice Information Services (CJIS) Security Policy.


IT Compliance

Blue Hill is in Compliance with the IRS Publication 1075 Tax Information Security Guidelines for Federal, State, and Local Agencies through a self-attestation.

Blue Hill is in Compliance with the IRS Publication 1075 Tax Information Security Guidelines for Federal, State, and Local Agencies through formal documented physical and logical security policies and data center site audits, as required. All Blue Hill solutions and services are customized per Agency-specific IRS Publication 1075 Compliance requirements.


IT Compliance

Blue Hill is in Compliance with International Organization for Standardization – ISO27001 Standards and Controls.

Blue Hill has adopted a Best-In-Class management process to ensure that the information security controls continue to meet our clients’ information security requirements on an ongoing basis. All Blue Hill solutions are customized to meet the specific regulatory requirements of each client.


IT Compliance IT Compliance

Blue Hill is in Compliance with the MARS-E volume II. Minimum Acceptable Risk Standards for Exchanges in accordance with Centers for Medicare & Medicaid Services (CMS) through a self-attestation.

Blue Hill maintains vigilance over the protection and integrity of Clients’ critical and Confidential Data; i.e., PHI, PII, and FTI through logical and physical security measures to meet and maintain compliance with regulatory and/or industry security standards as well as mandates of the Affordable Care Act of 2010.


IT Compliance IT Compliance

Blue Hill is GLBA and FFIEC Compliant

By successfully completing annual SOC1 Type 2 and SOC2 Type 2 examinations, Blue Hill provides the additional assurance of its security and privacy controls to our Financial Institution Clients and their clients, who run their processing environments at Blue Hill. Blue Hill safeguards private information of individuals, the collection and disclosure of private financial information, and appropriate security for the protection of such information.

Blue Hill supports the FFIEC’s uniform principles, standards, and report forms for the federal examination of financial institutions. Blue Hill follows the data and network security requirements of each Client including multifactor authentication to protect against security breaches.


IT Compliance

As part of Blue Hill’s continuing strategy to further enhance our security standards and consistently add to our multi-layer security posture, Blue Hill is pleased to announce their strategic partnership with Cybersafe Solutions. This partnership will aid in the support of Blue Hill’s corporate and customer security efforts. Cybersafe helps companies avoid expensive and disruptive cyber compromises by complementing our current defensive programs with best-in-class cyberthreat detection, live containment, and immediate response capabilities. Cybersafe supplements our multiple prevention processes by providing an additional layer of security, including 24×7 monitoring, to proactively detect any potential risks or vulnerabilities to our corporate infrastructure.  This added security layer will also add to our ongoing strategy for meeting and exceeding all certification and compliance requirements.