1

2017

HIPAAWWW.HOSTWAY.COMKEVINNEWBORG

www.hostway.com HIPAA|www.hostway.com

CoverLetter

www.hostway.com

www.hostway.com HIPAA|www.hostway.com

TableofContentsCoverLetter....................................................................................................................................1

ExecutiveSummary........................................................................................................................4

WhyHostway..............................................................................................................................4

CompanyReachandGlobalWorkforce..................................................................................5

HostwayOverview..................................................................................................................5

HostwayStrengthsandAdditionalProducts..........................................................................6

DepthofHIPAATechnologiesPortfolio..................................................................................7

ComplianceandSecurity.......................................................................................................12

StrategicPartnerships...........................................................................................................14

Conclusion................................................................................................................................15

AppendixA–HIPAAAttestation..................................................................................................17

AppendixB–SSAE16Certification...............................................................................................18

AppendixC–BusinessAssociatesAgreement.............................................................................19

www.hostway.com HIPAA|www.hostway.com

ExecutiveSummaryHostway’sapproachiscomprehensive–assistingenterpriseswithfullHIPAA/HITECHimplementationsandongoingITinfrastructuremanagement,alongwith24×7coveragefromexpertHIPAAanalysts.

TheexpansionofourHIPAAofferingsbuildsourcommitmenttooffertrustedandsecurecloudsolutionsthatcomplywiththehighestindustrystandards.Toensuresecuritycompliance,Hostwayemploysarangeoftechnologiesandservicesthatincludeintrusiondetectionandpreventionsystems(IDPS),VirtualPrivateNetwork(VPN),multi-factorauthentication,webapplication

firewall(WAF),fileintegritymonitoring,securityeventlogmanagement,threatmonitoring,threatresponseanddataencryption.

Withmorethan19yearsofhostingandcloudexperience,Hostwaydelivershostedservices,public/private/hybridclouds,alongwithmanagedservices,on-boarding,consultingandprofessionalservicestoomanyoftheworld’smostsignificantbrands.Morethan40leadinghealthcareorganizationsalreadytrustHostwaytodeliverHIPAA-compliantservicestoday,andthenumbercontinuestogrowrapidly.

WhyHostwayWithEmilSayeghastheCEO,Hostwayispositionedtostrengthenourglobalofferingsandfootprintof500,000customers.Hostwayisaleaderinmanagedcloudinfrastructureandapplicationhostingsolutionsforasset-lite,mid-marketande-commercefocusedorganizationsandthecompaniesthatservethem.

Hostwaystrivestodeliver24/7/365supportandcost-effective,secure,multi-tenantanddedicatedhostingenvironmentsforSMBsandlargeenterprises.Wemakeitourprioritytokeepyouronlineassetsupandrunningallowingyoutofocusongrowingyourbusiness.Asoneoftheworld'slargestcloudhostingandinfrastructure-as-a-serviceprovidersandoneofthemostrespectedbrandsinhosting.Hostwayhasatremendousfutureaheadofitself.

www.hostway.com HIPAA|www.hostway.com

CompanyReachandGlobalWorkforceDataCenterLocations:

• Austin,Texas• Chicago,Illinois• Tampa,Florida• Vancouver,Canada• Hannover,Germany• Seongnam,Korea

OfficeLocations• Austin,Texas• Chicago,Illinois• SanAntonio,Texas• Sofia,Bulgaria• Vancouver,BritishColumbia• Tampa,FL

HostwayOverviewHostwayisamultinationalwebhostingandtechnologyInfrastructureCompanyheadquarteredinChicago,Illinois,UnitedStates,foundedin1998.Itprovidesindividuals,small-tomedium-sizedbusinessesandlargecorporationswithemailandhostingservicesforwebsites,databases,andbusinessapplications.HostwayServicesInc.servesmorethan500,000customersworldwide.In1998,UniversityofChicagoalumniLucasRoh,JohnLee,ArnoldChoiandtwootherbusinesspartnersacquiredSpectronetInc.,aWebhostingcompanyintheChicagosuburbswithannualrevenuesof$30,000.They

www.hostway.com HIPAA|www.hostway.com

renamedthecompanyHostwayServicesInc.andbeganpreparationstoexpanditsreachintheUSandinternationalmarkets.

Fastforwardtonow:Hostwayhaslocationsinthefollowingareas:Chicago,IL,Tampa,FL,Austin,TX,SanAntonio,TX,Vancouver,BritishColumbia,Sofia,Bulgaria.Andhaveexpertiseinamultitudeofproductsandservices,whilecontinuingtoexpandourEnterprise&Channelpartnerships,withcompaniessuchasVerizon,Comcast,andCenturyLink.

HostwayStrengthsandAdditionalProductsCloudandHostingServicesHostwayPartnerswithMicrosofttoprovideourcustomerswithflexiblecloudhostingoptions.WithdeepexpertiseinMicrosoftAzurehostingandalongtrackrecordofdeliveringexceptionalcustomerservice,HostwaydeliversaMicrosoftcloudsolutionthatmeetsyourspecialrequirementstodayandinthefuture.

AzurePublicCloudWithmanagedAzure,yougetscalability,flexibility,andeaseofuse.Spinupanddownanytime,andonlypayforwhatyouneed.Addtheexpertise,guidanceandmanagedsupportfromtheAzurespecialistsatHostway,andyouareinadreamcloudenvironment.TheAzurePublicCloudisdesignedforintegrationwithHostway’sVirtualPrivateCloudinaHybridconfiguration.

VirtualPrivateCloudAsaVirtualPrivateCloudprovider,Hostwayaimstomaximizeeaseofuse.OurAzure-consistentenvironmentmakesresourcemanagementfastandeasy–deliveringafamiliartoolsetandAPIforthecontrolandflexibilityneededtosupportabroadrangeofapplicationsandworkloads.

HybridCloudAsaHybridCloudproviderandMicrosoftGoldPartner,Hostwayhastheexpertisetodesign,buildandrunAzure-basedhybridsolutions.Wehandletheday-to-dayoperationssoyoucanfocusonrunningyourbusiness.

ManagedDatabaseDatabaseManagedServicesaredesignedtotaketheexpenseandconfusionoutofmanagingyourdata.OurteamofexperienceddatabaseadministratorsinOracle,MySQL,andSQLareavailableroundtheclock,completingthemaintenance,monitoring,andhands-ondatabaseadministrationnecessarytokeepyoursystems,andyourbusiness,runningatfullsteam.Whenyourdatabasedoesencounteraproblem,aDBAwhounderstandsyourenvironmentwillbethereimmediatelytosolveyourdatabaseproblems.

EmailandCollaboration

HostedExchangeMicrosoftExchangefromHostwayisamission-critical,enterprise-classemailplatformthatenablesefficientaccesstoemail,calendars,attachments,contacts,andmore—nomatterwhereyouareorwhattypeofdeviceyou’reusing.It’sanaccessible,collaborative,reliableemailplatformthathelpsimproveproductivity,andit’savailableinasimple,easy-to-usepackage.

www.hostway.com HIPAA|www.hostway.com

HostedOpen-XchangeCollaboratingacrossmultipledevicesoftenresultsinfrustration.OXAppSuiteisacollaborationapplicationthatmakeslifeeasierbybringingtogetheremails,calendars,socialnetworks,etc.toworkonavarietyofdevices.

MicrosoftSharePointMicrosoftSharePointfromHostwayisapowerfulcollaborationtoolyoucanusetobringyourorganizationtogether.Whetheryouneedtoeditdocumentssimultaneouslywithyourcolleagues,sendanimportantcompanyupdatetoeveryoneatonce,orjusthaveaknownrepositoryofinformationtopointsomeoneto,SharePointcanhandleit.

ManagedOffice365We’reonlyaphonecallaway.WhenyoubuyOffice365fromHostway,youget24×7accesstoateamofexpertswhoarecommittedtokeepingyouupandrunning.NootherserviceproviderknowsMicrosoftproductsbetterthanHostway.AndasaMicrosoftGoldPartner,HostwaywillworkdirectlywithyoutoprovideapersonalizedapproachhelpingyougetthemostoutofOffice365.

DepthofHIPAATechnologiesPortfolioHostwayHIPAACompliantHardwareSpecifications

OperatingSystemsHostwaysupportsthefollowingOperatingSystemsunderourHIPAAPortfolioWindows

• Server2016• Server2012• Server2008

Linux• Redhat(6/7)• CentOS(6/7)• Ubuntu(14.04/16.04)• Debian(7/8)

Firewall&EncryptedVPNHostwayutilizestheCiscoASAFamilyofsecuritydevicesprotectscorporatenetworksanddatacentersofallsizes.Itprovidesuserswithhighlysecureaccesstodataandnetworkresources-anytime,anywhere,usinganydevice.CiscoASAdevicesrepresentmorethan15yearsofprovenfirewallandnetworksecurityengineeringandleadership,withmorethan1millionsecurityappliancesdeployedthroughouttheworld.

• OffersintegratedIPS,VPN,andUnifiedCommunicationscapabilities• Helpsorganizationsincreasecapacityandimproveperformancethroughhigh-performance,

multi-site,multi-nodeclustering• Delivershighavailabilityforhighresiliencyapplications• Providescollaborationbetweenphysicalandvirtualdevices• Facilitatesdynamicroutingandsite-to-siteVPNonaper-contextbasis

www.hostway.com HIPAA|www.hostway.com

EncryptedHardDrivesAsHostwayisaDELLshop,wehavereliedonDELL’sMDSMandSEDSolutiontoaccomplishencryptionneedsofourHIPAA,PCIandSOXcustomers.Whiletheencryptioncapabilitiesofthedrivesofferhigh-qualitysecurity,managementoftheseSEDsiscriticaltothesecurity’seffectiveness.SecuringdatawithSEDsrequiresakeymanagementservicethatstores,manages,andservestheappropriateauthenticationstothesedrives.

Figure1-DELLMDSMKeyManagement&Encryption

Anti-Virus

AVGAntivirusBusinessEdition–WindowsServersOurAVGAntivirusBusinessEditionallowsourwindowscustomerstoreceiveRemoteManagementbyourHostwaySecurityServicesTeam,FileServerSecurity,NetworkAntivirus,AdvancedDetection,PrivacyProtection,FirewallandEmailProtection.

ClamAV–LinuxServersClamAV®isanopensource(GPL)anti-virusengineusedinavarietyofsituationsincludingemailscanning,webscanning,andendpointsecurity.Itprovidessomeutilitiesincludingaflexibleandscalablemulti-threadeddaemon,acommandlinescannerandanadvancedtoolforautomaticdatabaseupdates.

OffsiteBackupsHostwayutilizesR1SoftServerBackupManagerwhichgivesHostwayaflexible,server-friendlysolutionthateliminatesthepainsofrunningtraditionalbackups.R1SoftsContinuousDataProtection™technologyenablesourcustomerstorunbackupsasfrequentlyasevery15minutes,withnonegativeimpactonserverperformance.

CertificateofDestructionAtthecompletionofthewipingprocess,wewillprovideyouwithdocumentationthatthedestructionprocessiscomplete.Itwillcontainthedateofservice,dateofdestruction,thenumberofsecurecontainersservicedwithadescriptionandthetotalweightdestroyedperservice.

DDOSProtectionHostwayprovidesDDOSProtectionwithNexus-Guardwhichprovidesourcustomerswithahybridmixofcloud-scrubbingandmitigationappliancesandtechnologies.Nexushelpsprovidethefollowing:

• 1.28Tbpsmitigationcapacity• ProtectsagainstattacksinnetworkLayers3,4,and7

www.hostway.com HIPAA|www.hostway.com

o ProtectionbeyondHTTP/HTTPS(coverscustomapplications)o GlobalContentDeliveryNetwork(CDN)andsiteaccelerationsupportedbyload-

balancingacrossallactivebackendservers• Dynamicandstaticcontentcaching,boostedbyin-memorycachetoreduceI/O

PenetrationTesting

InternalPenetrationTesting• Switches• Routers• DirectoryServers(ActiveDirectory,LDAP,Novell)• Coreinfrastructureservices(DNS,DHCP,WINS)• FileandPrintSharingServices• UserWorkstations• DatabaseServers• InternalClient-ServerApplications• InternalWebApplications

ExternalPenetrationTesting• Firewalls• ExternalRouters• WebServers• DomainNameServers(DNS)• RemoteAccess(VPNs,SSLVPNs,etc.)• SecureEncryptedConnections(site-to-siteorB2BVPNs)• EmailSystems• FileTransferServers

WirelessPenetrationTestingHostwayapproacheswirelesssecurityfromthreeperspectives

• Signalspace–Hasanyoneplacedunauthorizedwirelessdeviceswithinthecorporateenvironmentandfromwherecanamaliciousactorconnecttoyourwireless?

• Client-side/MobileDevices–Aredevicesconnectingtothewirelessnetworksecuredsuchthattheydonotprovideanattackerawaytocompromisethewirelessnetwork?

• Infrastructure–Isthewirelessinfrastructureappropriatelysecured?

HostwayManagedSupportServicesOurHostwayteamiscommittedtoprovidingclientswithpremierqualityinfrastructuremanagedservicesapplyingproactiveandreactivesupporttoensureenduserscontinuallyhaveaccesstotoolsnecessarytodelivertheircomponentofthebusinessprocess.Hostwayoffersacomprehensiveportfolioofservicesthatoptimizeyouraccesstocriticalapplicationsandtechnologyenvironments.Wecanserveasanextensionofyourcurrentteam,bridgingthegapofmissingskillsetsortakeownershipofyourorganization'ssupportneedstoachieveyourtargetservicelevels.

Agile/ITILProcessDesignandConfigurationManagedServices• IncidentManagement

www.hostway.com HIPAA|www.hostway.com

• RequestFulfillment• ChangeManagement• ProblemManagement• ConfigurationManagement• KCSKnowledgeManagement

GuaranteedServiceLevelAgreements• 30MinuteResponseTime(Premier)• 100%NetworkUptime,Power&HVAC• 100%PlatformUptime(Premier)• 1HourHardwareReplacement

Differentiatedlevelsofsupport• EssentialsSupport–Designedforthedo-it-yourselfers.Companiesthatwantacompliant

hostingvendorbuthavetheabilitiestosupportthehardwarethemselves.• AdvancedSupport–DesignedtointegrateintoyourdailyITneedsandaccomplishyourstrategic

ServiceLevelAgreementstogether.• PremierSupport–DesignedtobeanextensionofyourITgrouportoownandsupportallyour

ITNeedsfromstandardLevel1toLevel3supporttointegrationwithvendorsintoourITSMpracticetoenhancedSLAGuarantees.

DefinedCustomerJourneywith:• NewClientOnboarding

o SolutionDocumentationo CustomReportingo CustomKeyPerformanceIndicators

TechnicalAccountManager• SinglePointofContact• QuarterlyBusinessReviews• MonthlySupportMetricReviews• CustomizedSecurityReviews

HostwayManagedSecurityServicesWhenprotectingsensitivedataisyournumberonepriority,youneedanintegratedsolutiondesignedspecificallyforthatpurpose.WithHostwayManagedSecurityServices,organizationscanprotecttheirwebapplications,networksandcomputinginfrastructurewithafullyintegratedsolutionfromasinglevendortheycantrust.Offeringaneasytounderstandlicensingmodel,CloudDefendernotonlytakesthecomplexityoutofsecurityandcompliance,butitalsotakesthefrustrationandconfusionoutofpurchasing.

HostwaysManagedSecurityServices–PoweredbyAlertLogicallowsourclientstohaveaManagedSecurity-as-a-Servicesolutionthatintegratesinnovativesecuritytechnology,humananalytics,andresponsivecommunicationtodeliverthehighest-qualitysecurityoutcomeforcompaniesthatdemandaleadingsecurityprovider,regardlessofplatformHostway’sManagedSecurityServicesassistsinCloud,On-Premises,andHybridsolutions.

www.hostway.com HIPAA|www.hostway.com

HostwayManagedSecurityServicesareofferedin3differentbundles:

SecureWebBundle:includesIntrusionDetection,Internal&ExternalApprovedServiceVendorScans,ActiveWatch(24x7ServiceonThreatManager),andLogManagerwith90daysofretentionwithdailylogreviews.

AdvancedSecurityBundle:includesIntrusionDetection,Internal&ExternalApprovedServiceVendorScans,ActiveWatch(24x7ServiceonThreatManagerandLogs),andLogManagerwith12monthsofretentionwithdailylogreviews.

ComplianceBundle:includesIntrusionDetection,Internal&ExternalApprovedServiceVendorScans,ActiveWatch(24x7ServiceonThreatManager,WAF,andLogs),WebApplicationFirewallandLogManagerwith12monthsofretentionwithdailylogreviews.

TheHostwayServiceSupportorganizationwillbeyourprimarypointofcontactoncetheManagedSecurityServiceBundlehasbeensuccessfullyprovisioned.ToobtainassistancefromtheServiceSupportorganizationyoumaysubmitaticketthroughourself-serviceportal,sendusanemail,Chatorcallourtoll-freetechnicalsupporthotline.

Figure2-HostwayManagedSecurityWorkflow

ThisteamisuniquelypositionedtotheCenteroftheClientSupportLifecycle,andassuch,theycanperformandmanageSupportCaseroutingamongstallotherOperationalandNon-Operationalteams.

KeyResponsibilitiesofthisteam

• SinglePointofContactforClientsreportingRequestsandIncidentsbyphone,e-mailorself-serviceportal

• AssistClientswithWebInterfaceandApplianceConfiguration• WorkasaliaisonbetweendepartmentstoefficientlyresolveClientIncidentsandRequests• EscalationManagementtotheSecurityOperationsCenterforRequestsandIncidents

Hostway

www.hostway.com HIPAA|www.hostway.com

• KnowledgetransferfromtheSecurityOperationsCentertocontinuouslyimprovetheFirstTouch

• OwnersofStandardOperatingProceduresassociatedwithClientInteraction• IncidentManagement/CommunicationManagementforClientImpactingOutages/

DegradationtoService

ComplianceandSecurityAllofourDataCentersaredesignedtoprovideyouwiththetoolstoensurecompliancephysically,environmentallyandacrosstheentirenetworkinfrastructureinadditiontoproviding24x7smarthands.Additionally,aBusinessAssociateAgreement(BAA)isavailableuponrequest.

DataCenterPhysicalSystemSecurityMinimizeRiskofLossandTheft

• 24/7/365MannedFacility• ClosedCircuitTVSecurityCameras• Over60combinedcamerasaroundthedatacenters• Monitored24/7/365• Completecontrolledentrykeycardsystem-Nooutsiderisallowed;Onlyinternalsystemsand

networkadministrationstaffhaveaccess• SiteEntranceControlledbyElectronicPerimeterAccessCardSystem

MinimizeRiskofDamage

• N+1redundantHVACsystemusingmultipleunitswithbackupunitsstandingby• Redundantcableroutingsystem• Backupnetworkequipment• DataCenter1:Inergenenvironmentallygreenfiresuppressionsystem• DataCenter1:Powerbackupprovidedbya1.25MWgeneratorbeingfedfroma4000-gallon

dieselreservoir• DataCenter2:Powerbackupprovidedbya2MWgeneratorfedfroma5000-gallondiesel

reservoir• NOC(NetworkOperationsCenter)staffedwithseniorsystemtechnicians24x7x365• AdvancedFirePreventionInfrastructure

AdditionalSafeguards

• Anti-staticenvironment• RatedtowithstandClass3–4hurricanestrengthwinds• NOC(NetworkOperationsCenter)staffedwithseniorsystemtechnicians24x7x365

SSAE-16&SafeHarborCompliant

NetworkConfigurationandTechnicalSecurity

NetworkDeviceManagement• HardwareCiscoFirewallDevicesAvailablewithFullManagement• 24/7/365FollowtheSunsupport

www.hostway.com HIPAA|www.hostway.com

• OutboundandInboundTrafficFilteringAvailable• NetworkRedundancyEnsuresFailover• DiverseConnectivityFiberPathsIntoBuilding• CurrentgenerationTerrathonclassrouterswithterabitroutingcapacity.• BackboneconnectionsfromLevel3,MCI,andTimeWarner• Over47Gbpsintotalbandwidthcapacity• Serversareplacedinsegmentednetwork• 100Mbpsport,fullyburstable

RemoteVPN• RemoteSecureVPNImplementationsandManagementAvailable• Encryption• Authentication(Site-to-SiteVPNTunnels)withStrongPasswordsandCertificate• AssistancewithLogManagementandMonitoring

BackupManagementwithR1SoftProtectyourdatawithHostwayprovenR1SoftTechnologies,ourfullymanagedorSelf-ManagedSolution,providesarobustbackupsolutionforLinuxandWindowsManagedDedicatedServers.

ContinuousDataProtection®Ratherthanconstantlyrunningfull,performance-killingbackups,ourCDPtechnologykeepscriticalresourcesfreetoserveyourclients’needs.Ittakesaninitialsnapshotofyourdata,thencontinuouslymonitorschangestoyourdata,savingonlythebitsofinformationthathavechanged.

Site-to-SiteReplicationSite-to-SiteprovideshostingproviderswithasimplemeansofreplicatingbackupdataacrossSBMserversregardlessoftheirgeographiclocation.

SecurityandEventManagementServicesAdvisoryServicesWecanprovideacomprehensivecybersecurityassessmentofyoursecurityeffortsconductedbyseasonedexperts

SecurityPoliciesHostwayprovidesallcustomerswithourhomegrownsecuritypolicyasastandardpractice.ThoughthosecustomerswhoapplyforthePremierManagedServiceTierhavetheabilitytorequestthecreationoftheirdocumentationwithourManagedSecurityServicesTeamorprovideHostwaywiththeirpractice,andwewilladoptandfollow.

SecurityAssessmentOurteamofexperiencedsecurityanalystscanhelpyoudetermineyourorganizationalvulnerabilitytoattacksbyrigorouslytestingcyberdefensesandcontrols.

SecurityExerciseIncreaseyourresiliencytocyber-basedattacksbyevaluatingcurrentsecuritydefensesandtestingnewproceduresbeforeputtingthemintoplace.

www.hostway.com HIPAA|www.hostway.com

VulnerabilityScanningHostwaytakesmultipleapproacheswhenitcomestoVulnerabilityscans.WhileinternallyHostwayutilizesNessuswhichisoneofthemosttrustedvulnerabilityscanningplatforms.Whileweprefer,thatourcustomersadoptourManagedSecurityServiceswithAlertLogic.AsreportingisfullyautomatedintegratedwithIntrusionDetectionandprovidesamorerobustlogmanagementprocessandallowsformulti-tenancy.

StrategicPartnershipsWSM

AboutWSMWSMisaspecializedservices&solutionsintegratorwithacorefocusoncloud&servermigration,transformation,&DevOpsservices.WSMcreatedtheservermigrationservicesindustryin2003,andtodayisthelargestspecializedmigrationservicesproviderintheworld,havingcompletedmoremigrationsthanallothercompetingserviceproviders.

WSMLocationsHeadquarteredinSt.ClairShores,Michigan,withsatelliteofficesinKalamazoo,MI,Austin,TX,Kiev,UkraineandWarsaw,Poland.

WSMProductsAperfectblendofperformance,compliance,securityandautomation.WSMsolutionsdeliveryourbusinessaholisticapproachtomanage,tuneandsafeguardyourmission-criticaldigitalassetsunderasingle,simpleSLA.WSMcompletecoverageretainersupportplansmaximizereturnonyourITandsoftwaredevelopmentbudget.

MigrationServices&MethodologiesWSMisaspecializedservices&solutionsintegratorwithacorefocusoncloud&servermigration,transformation,&DevOpsservices.WSMproductsandservicesdeliveratotaltransformation,cloudadoption,andDevOpssolution,enablingWSMpartnersandcustomerstooptimizebothinitialon-boardingandongoinghostingoperations.

Evaluation&StrategyYourmigrationplanstartswithacomprehensiveinventoryofyourdigitalassets,followedbyriskanalysisanddependencymapping.WSMwillthenarchitectyourdestinationenvironment,evaluateallsuitablemigrationtoolsandmethods,considerDevOpsautomation,DR,scalability,security,complianceandperformanceoptimization,andfinallypresentyourtotaltransformationstrategy.Environments&TechnologyIncludes:AllOSVariants&Versions,AllServers,AllClouds,P@V&Hybrid,Co-Lo,Shared,VirtualMachines(VMWare,Hyper-V,KVM),AllWebServers&Websites,Application&DatabaseServers,EnterpriseApplicationsandWorkloads,Back-OfficeServers,Email

AdvancedServices&SolutionsIncludes:ServerImageMigrationServer,AutomatedToolMigrationprograms,DisasterRecovery&Failover,LoadBalancing,Auto-scaling,LoadTesting&StressTesting,Application&ServerTuning&Optimization,andManagedBackupasaService.

www.hostway.com HIPAA|www.hostway.com

SecurityServicesWeperformacomprehensivesecurityscanofyourwebsiteandhostingserver,toidentifypotentialsecurityvulnerabilitiesandshowyouhowtopreventfutureattacks.

WebDesignandDevelopmentBuild-to-suitwebsitesforbusinessesofanysizeandscope.WordPress,Magento,Joomla!AndDrupalexperts.Shoppingcarts,contentmanagement,membership,andpublicationsites.

WebsitePlatformConversionShoppingcartconversion,CMSconversion,Blogconversion.Proprietary-to-opensourcewebsiteapplicationtransformation.Over5,000sitestransformedsince2003.

CustomApplicationDevelopmentMobileapplications,customdevelopment,mostalllanguagesandplatforms

PostMigrationSupport(optional)Supportforas-neededtasksfromSSLinstallationtoserverconfiguration,websiteupdatestodiagnosticsandtroubleshooting.

ConclusionSince1998,HostwaySolutionshasbeenprovidingitscustomerswithawiderangeofhostingservices.OurclientsincludefamouscompaniessuchasSamsungandWix.Asanaward-winninghostingcompanydedicatedtoitscustomers.Wewillcontinuetostrivetoprovideunmatchedsupportandindustry-leadingservices,productsandstrategicpartnershipswithcompaniessuchasWSM,whichallcatertoourcustomer'sneedsandwants.

HostwayishereforyouRegardlessofsize,wetreateverycustomerlikeamilliondollarcustomerthatiswhyweprovideallCloudandHostingcustomers’guidancefromaSolutionArchitect.Weworkcloselywithourcustomerstounderstandtheiruniquechallengesandgoals,thenbuildasolutionthatbest

www.hostway.com HIPAA|www.hostway.com

meetstheirrequirementstodaywhilegrowingwiththeminthefuture.FromourcollegeinternstoourCEO–allHostwayemployeesarepassionateaboutdeliveringgreatcustomerserviceandareopentoallremarks,wedon’tjustwanttobeacompanythatofferssupport,wewanttobeacompanyyougrowwithandbuildarelationshipwith.Ouruniquehandsonapproachandaccountabilityforcustomersuccesssetsusapart.Wegoaboveandbeyondineverythingwedoandprideourselvesinbeingavailableforourcustomerswhenevertheyneedus.LetusgrowasyourpartnerandprotectyourinformationasatrueHIPAACompliantVendor.

www.hostway.com HIPAA|www.hostway.com

AppendixA–HIPAAAttestationAttestationcompletedbySchellman(formerlyBrightline)onNovember30th,2016.ThisattestationcanbemadeavailableafterNDAissignedbyallpartiesinvolved

www.hostway.com HIPAA|www.hostway.com

AppendixB–SSAE16CertificationSSAE16isanenhancementtothecurrentstandardforReportingonControlsataServiceOrganization,theSAS70.Thechangesmadetothestandardwillbringyourcompany,andtherestofthecompaniesintheUS,uptodatewithnewinternationalserviceorganizationreportingstandards,theISAE3402.TheadjustmentsmadefromSAS70toSSAE16willhelpyouandyourcounterpartsintheUScompeteonaninternationallevel;allowingcompaniesaroundtheworldtogiveyoutheirbusinesswithcompleteconfidence.

SOC1ReportforCloudandManagedHostingServiceshasbeencompletedbySchellman(formerlyBrightline)canbemadeavailableafterasignedNDAagreementbyallparties.

www.hostway.com HIPAA|www.hostway.com

AppendixC–BusinessAssociatesAgreement