About OSG

Security/Third-Party Certifications

In today’s economy, it is pertinent for OSG to demonstrate adequate controls and safeguards while hosting and processing data that belongs to our valued customers.


SSAE 16 Audited

OSG makes every effort to safeguard our customers’ data through a number of internal controls and procedures. OSG has successfully completed all of its SSAE 16 (formerly SAS 70) audits, developed by the American Institute of Certified Public Accountants (AICPA). A third-party auditor presents the certification based on an in-depth examination of day-to-day operations and determines if the service organization performs as documented. OSG first underwent this process in 2008. This classification recognizes OSG as a provider of reliable services and solutions and helps assure OSG customers that the company is in compliance with industry-accepted vulnerability standards in order to create as secure of an environment as possible for customers. OSG is SSAE 16 certified.

Additional information on SSAE 16 and Service Organization Control reports can be viewed at the AICPA's new web page (www.aicpa.org/soc).


PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially any merchant that has a Merchant ID (MID).

The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). Source: www.pcicomplianceguide.org. OSG is PCI Level 3 compliant.


HIPAA Privacy

The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.

The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information. OSG is HIPAA Compliant. Click here to read our Privacy Policy.