State of the Art

Your business data is safe in Abacus Private Cloud

Learn More


Abacus Private Cloud puts your critical business data and vital applications into a private virtual workspace that is accessible anywhere, anytime, from any device—all while removing IT management burdens and costs and maximizing your organization's performance.

Regulatory concerns? The Abacus Private Cloud is a full-spectrum ePHI and HIPAA compliance-ready technology solution, so you can rest easy knowing your data is safe and secure.

Abacus Private Cloud Quick Facts

  • 8 Data Centers
  • 100% Renewable Data Center Power
  • SOC1/SOC2/SOC3/SSAE16 Certifications
  • 256-bit AES Data Encryption
  • 99.999% Uptime Service Level Agreement
  • Unlimited Cloud Platform Support
  • No Fee for After Hours Support
  • No Fee for Client Data Export
  • No Fee for Device Reconfiguration
  • Accessible Anywhere, Anytime
  • Up to 60 Months Price Guarantee
  • Protects against Data Breaches

Data Center map

Data Center Compliance

The data centers we select for Abacus Private Cloud use intense physical and logical security to stay ahead of the latest compliance standards. Our cloud solutions help meet compliance requirements, wherever you operate your business. Find a a summary of common compliance standards below:

SSAE-16 SOC 1 Type 2

SOC 1 reports are provided to service organizations that are reporting on controls relevant to Internal Control Over Financial Reporting (ICFR). Type 2 reports sample data over a period of time, providing assurance of consistent compliance, versus using data from just a single point in time with Type 1.

Learn More

SSAE-16 SOC 2 Type 2

SOC 2 framework is a reporting option specifically designed for entities such as data centers, I.T. managed services, software-as-a-service (SaaS) vendors, and other technology and cloud computing-based businesses. SOC 2 frameworks address a comprehensive set of criteria known as the Trust Services Principles covering security, availability, system integrity, information confidentiality, and privacy of personal information. Type 2 reports sample data over a period of time versus using a single point in time, providing a more complete and thorough report.

Learn More


SOC 3 framework is complex and requires detailed scoping and policy and procedures documentation in order for a service organization to be successful. This framework was designed for information technology oriented companies such as data centers, software as a service (SaaS) entities, and managed services providers. 

Learn More

PCI DSS v3 AoC and Merchant Level 4/SAQ C Certification

The Payment Card Industry Data Security Standard is followed by organizations that store, process, and/or transmit cardholder data. Abacus undergoes quarterly vulnerability and penetration testing through Trustwave.

Learn More

HIPAA Compliance

Abacus data centers and cloud infrastructure meet stringent requirements for compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA establishes national standards to protect individuals’ medical records and health information and applies to health plans, health care clearinghouses, and those heath care providers that conduct certain health care transactions electronically. Abacus complies with the rules that apply to our systems and levels of access which helps our clients comply with portions of HIPAA that apply to them. BAA, the HIPAA Business Associate Agreement is available.

Learn More


The HITRUST Common Security Framework (CSF) provides a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. It aggregates existing globally recognized standards, regulations, and business requirements; including ISO, NIST, PCI, HIPAA, COBIT, and state laws into a coordinated security matrix. It is used by healthcare, business, technology and information security leaders to assist in safeguarding health information systems and exchanges.

Learn More

SSL Report

Abacus earned an SSL A rating through Qualys SSL Labs. SSL provides for the secure transmission of data, and supports the technology behind encrypting sensitive information on the Internet. We provide our customers with security and peace of mind when working in our web applications.

Learn More


The Personal Information Protection and Electronic Documents Act (PIPEDA) is a federal law in Canada that applies to the collection, use, and disclosure of personal information in the course of commercial activities in all Canadian provinces as supplemented by substantially similar provincial privacy laws in Alberta, British Columbia and Québec. AbacusNext does not have visibility into or knowledge of what our clients are uploading and hosting onto its Private Cloud, including whether or not that data is subject to PIPEDA regulations, so hosting clients are responsible for their own PIPEDA compliance.

Learn More


The Gramm-Leach-Bliley Act (GLBA) requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

Learn More


The Federal Information Technology Acquisition Reform Act (FITARA), passed by Congress in December 2014, is a historic law that represents the first major overhaul of Federal information Technology (IT) in almost 20 years. The purpose of this legislation is to improve the acquisition and management of Federal information technology assets.

Learn More

Sarbanes-Oxley Act (SOX)

Sarbanes-Oxley Act (SOX) requires that all publicly held companies must establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud.

Learn More


The International Traffic in Arms Regulations (ITAR) is a set of regulations on the export and import of defense-related articles and services. As a part of managing a comprehensive ITAR compliance program, companies subject to ITAR export regulations must control unintended exports by restricting access to protected data to US Persons and restricting physical location of that data to the US. Abacus provides an environment physically located in the US and where access by Abacus Personnel is limited to US Persons, thereby allowing qualified companies to transmit, process, and store protected articles and data subject to ITAR restrictions.

Learn More


The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2), is a U.S. government computer security standard used to approve cryptographic modules.

Learn More


General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union.

Learn More