DDi products and solutions are delivered across the globe using enterprise-class cloud infrastructure and services. DDi uses only “PRIVATE” cloud for all products and client data. We use 3 certified data centres (USA, Germany, Hong Kong). Clients are given an option to choose the location based on their data privacy policies and preferences. All servers at the location are owned by DDi and monitored 24X7X365 for Confidentiality, Integrity and Availability.
The entire infrastructure, where our data and client data reside, is a private cloud owned by DDi. This ensures that there is no interference with others' data and no contract challenges.
All servers are protected by a strong firewall, with all vulnerable and redundant ports hardened. All communication with the servers is encrypted.
With the latest hardware and high internet bandwidth, applications are accessible at high performance.
Our data center partner is certified with SSAE 18 for , SOC 2 Type II, ISO/IEC 27001:2013, HIPAA/HITECH and PCI DSS 3.2.
Our data center partner has been awarded the Silicon Valley Power Energy Innovator Award, U.S. Environmental Protection Agency’s (EPA) Top 30 Tech and Telecom Companies, and the Title 24 California Energy Commission Award.
Servers are available 24X7X365 with 99.99% availability, backed by redundant servers, power and internet at the same location, and a redundant replica of this environment is located in a geographically different location.
We deployed our private cloud in data centers which have received the following certifications, to give our customers peace of mind about how their data is stored.
SOC 1 (SSAE 18)
Service Organization Control 1 (SSAE 18/ISAE 3402) reports are conducted in accordance with the Statement on Standards for Attestation Engagements (SSAE) No. 18 put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). The SSAE 18 standard governs internal controls over financial reporting. The Type II report includes the design and testing of controls to report the operational effectiveness of these controls over a period of time.
SOC 2 Type II
The SOC 2 standard is designed for technology companies, including data centers, IT managed services, cloud-computing based businesses, SaaS vendors etc., to govern internal controls over operations based on the Trust Services Principles (TSP) of security, availability, processing integrity, confidentiality and privacy, as well as controls outside of financial reporting.
ISO/IEC 27001:2013
The ISO/IEC 27001:2013 standard provides a framework for businesses looking to establish, implement, maintain and constantly improve an information security management system (ISMS). With an ISMS, businesses can secure their sensitive information through a systematic approach with a risk management process that includes people, processes and IT systems.
The Health Insurance Portability and Accountability Act (HIPAA), passed by the U.S. Congress in 1996, and the Health Information Technology for Economic and Clinical Health (HITECH) Act set the standard for protecting sensitive patient data. This system was established to secure the transfer and storage of Protected Health Information (PHI) of patients and to make health-related information easier to share between providers. To store or transmit PHI, all companies are required to comply with HIPAA.
PCI DSS 3.2
The Payment Card Industry Data Security Standard (PCI DSS) protects consumer security for all businesses that process transactions using credit cards by providing an actionable framework for developing a robust payment card data security process, including prevention, detection and appropriate reaction to security incidents. PCI DSS standards were formed to control high-profile security breaches by the founding brands of the PCI Security Standards Council including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International.