Data Security

Boston PLLC maintains all client data and communications on a secure hosted server trusted by some of the world’s leading organizations, in compliance with the following standards:


ISO 27001

ISO 27001 is one of the most widely recognized and accepted independent security standards. Boston PLLC’s server host has earned ISO 27001 certification for the systems, technology, processes, and data centers that run it.


ISO 27017

ISO 27017 is an international standard of practice for information security controls based on ISO/IEC 27002 specifically for cloud services. Our server host’s compliance with the international standard was certified by Ernst & Young CertifyPoint, an ISO certification body accredited by the Dutch Accreditation Council (a member of the International Accreditation Forum, or IAF).


SOC 2/3

The American Institute of Certified Public Accountants (AICPA) SOC (Service Organization Controls) 2 and SOC 3 audit framework relies on its Trust Principles and Criteria for security, availability, processing integrity, and confidentiality. Our server host has both SOC 2 and SOC 3 reports.


The server host further supports customers’ compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA), which governs the safeguarding, use, and disclosure of protected health information (PHI). It also meets data protection recommendations from the Article 29 Working Party, maintains adherence to EU Model Contract Clauses, commits to comply with the obligations applicable under the General Data Protection Regulation with respect to the processing done on behalf of customers, and works closely with European Data Protection Authorities to meet their expectations.

Additional information about our data security procedures and safeguards is available to clients upon request.