SpiderOak's data centers are SAS 70 Type II compliant. Our data center is considered a Tier 3 data center by the Uptime institute, with N+1 infrastructure, employs the SSAE-16 audit schedule, physically staffed 24/7. Please contact us for a full list of our compliance certificates.
Additionly, SpiderOak does match the requirements set forth by HIPAA. The SpiderOak client and server environment contain all the appropriate technical security mechanisms to protect the data that is transmitted to and from the SpiderOak servers. In fact, we built the SpiderOak 'zero-knowledge' privacy environment specifically to handle this task. That said, we do not currently employ a HIPAA compliance officer for self-certification.
The services provided by SpiderOak do form a critical part of Data Backup, Disaster Recovery, and Emergency Mode Operations strategies by providing remote accessible backup, storage and restore services that are geographically distant from the client site to minimize the likelihood of data loss in a large-scale disaster. In the event of loss of the primary data center, data located on the SpiderOak cloud can easily, securely and quickly be accessed and restored. Covered entities are required to comply with the HIPAA Administrative Simplification Security Rule since April 21, 2005. SpiderOak, as part of a comprehensive security plan, can be an important part of your compliance strategy.