Beginning October 1st…
Beginning October 1st, Vivio will be implementing a new security standard that our support team will be required to follow when working with all customer accounts. This standard is known as SSAE16. While our customers can attest that our current standard of service is already impressive, the SSAE16 standard requires us to change how we work with your servers and your potentially confidential information.
In this post, I’ll try to explain in detail how these changes will effect you and how you interact with Vivio.
How does Vivio currently keep my information secure?
Vivio has always placed heavy emphasis on your privacy and security. Vivio owns and operates its own facilities. We do not colocate like some other providers do. The following are some examples of some steps Vivio currently takes to protect your privacy and physical security in our facility:
- All Vivio employees must complete an FBI Background Check
- All Vivio employees must complete WSP Security Awareness Training
- All physical access to Vivio office space is protected by RFID keycard systems
- All Vivio employees are issued a unique keycard and all physical access is logged and tracked
- The Vivio Data Center is further protected by a PIN system
- All Vivio employees are issued a separate PIN for access to the Vivio Data Center
- All physical access to the Vivio Data Center is logged and tracked
- All entrances to the Vivio Data Center are protected by magnetic monitors connected to the Vivio alarm system
- The Vivio Data Center is further protected by motion sensors connected to the Vivio alarm system
- Should the Vivio alarm system be tripped, local law enforcement is automatically dispatched
There are more, but you get the idea. We believe that when you trust your hosting account with Vivio, we are expected to do everything we can to secure and protect it to the best of our ability. The implementation of the SSAE16 guidelines throughout the entire Vivio organization is just one more step that we can take to offer the best service possible. We know you have a lot of choices when looking for a hosting provider. When you choose Vivio, we don’t take your trust for granted!
What is SSAE16 and how does it help me?
SSAE16 is an acronym for Statement on Standards for Attestation Engagements (SSAE) Number 16. It was created by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) and became the official replacement of the aging SAS70 standard in 2011.
To put it very simply, SSAE16 is all about accountability. Once the SSAE16 standards have been fully implemented at Vivio, everything a Vivio technician does on your account will be logged and recorded for security and auditing purposes. This gives Vivio clients and partners an extreme level of security and privacy with their accounts.
This other provider claims to be SSAE16 compliant, how is Vivio any different?
It is important to understand that some providers will simply audit the data center in which their servers are located, and not take the extra steps necessary to bring their entire organization (which includes their support department) into SSAE16 compliance. In our opinion this is a somewhat misleading practice because even though your physical servers are protected by the SSAE16 guidelines, the entire organization hasn’t been audited, and you’re not as protected as you may believe you are.
Even more, some hosting providers colocate their servers in someone else’s data center, and again only the data center has been audited. The colocating provider can then claim to be SSAE16 compliant, even though they or their company have never been audited in any way. Again, we feel this is somewhat misleading.
If you’re evaluating a provider for SSAE16 compliance, ask to see the official SSAE16 audit report, and make sure their support practices have been audited as well as their data center facilities. If the audit report doesn’t mention an audit of their support policies, then they haven’t been audited and your data is not as safe as it could be!
How will SSAE16 certification change how I work with Vivio?
The change will have various effects on how you interact with Vivio and depends mostly on if you subscribe to Managed Support or not. In order to help make things simpler to understand, we’ll be updating our various levels of support to be a lot clearer. The following shows how each support level will change with the SSAE16 implementation:
Fundamental Support (formally ‘Root Support’)
Our ‘Root Support’ option, which is included by default on all accounts, is being renamed to ‘Fundamental Support’. In the past, ‘Root Support’ has been nebulous and unclear on what was covered. However, now that we’re required to follow a strict set of guidelines, we have to be specific on what we will cover under Fundamental Support.
The idea of ‘Fundamental Support’ is to give you the ability to do the things that you can’t do because you’re not physically present with your server. To that end, the following list is very inclusive – in fact it’s so inclusive that we’ve seen some providers refer to this level of support as ‘Managed Support’! In our opinion, these services should be provided by default, as part of the ‘fundamental’ support you expect from your provider.
- Server Reboots
- Verification of Cable Connections
- Indicator Light Reporting
- Console Information Reporting
- DNS Entry Replication
- Hardware Failure Diagnostics
- Includes Vivio Monitoring by Default Policy
- Includes Vivio Backups by Default Policy
- Free of Charge Bare Metal Restorations
- Connectivity Diagnostics
- Lock-Out Correction
Under the SSAE16 guidelines, Vivio technicians will not have access to your passwords under Fundamental Support.
Managed Support (merging with ‘Security Support’)
Huge improvements are being made to Managed Support. First, for those of you familiar with our previous ‘Security Support’ option, understand that Security Support is now being merged with Managed Support. The merge adds value and removes confusion about what’s covered. Those of you who are currently using Managed Support, will continue to receive the same great service you’re familiar with, but the following benefits will now be included:
- Removal of the 2-hour per month limit (unlimited support as often as you need it)
- Free SSL Certificate installations (The standard $49 fee is waived)
- PCI Scan adjustments are now included (previously required Security Support)
- Extensive, clear list of supported software and services (to be included on new site)
- 50% discount on cost of Extended Support (In the rare event that you might need it)
- Optional enhanced monitoring of Disk, RAM, etc with email alerts to both you and Vivio Support
The idea of Managed Support is that we will support any software that’s included on your server when we give it to you. Even so, to be as clear as possible, the new Vivio web site will include a very extensive list of exactly what’s covered under Managed Support. The new Vivio site will be released as soon as it’s ready.
Extended Support remains largely the same, and is a way for us to offer support for anything non-standard. We’re your partner, and we never want you to feel like have no one to turn to. Vivio’s primary goal is to help you succeed.
Will SSAE16 certification change how much Managed Support costs?
Yes. The cost for Managed Support will be increasing to $30/mo and a $30 one-time setup fee for new subscribers. The new SSAE16 guidelines will significantly alter how our technicians interact with your servers and your data as a whole. For example, every technician will be uniquely identifiable by their connecting IP address. If you call and request support, their access to your information will be logged and recorded in every way. This requires Vivio to make significant changes and investments in infrastructure; increasing our cost of providing Managed Support. Similarly, the new SSAE16 compliant process requires additional effort and licensing when adding or removing users to these systems. The setup fee will be used to cover the cost associated with adding and removing users to and from Managed Support.
We worked diligently to keep the new cost of Managed Support as low as possible. If you research, the $30 cost of Vivio’s Managed Support remains significantly less than competing hosting companies offering similar services. Don’t be fooled by the overly simplified term: “Managed Support”!
I already have Vivio Managed Support – do I have to pay the setup fee?
No. Current Managed Support subscribers, as well as anyone who signs up for Managed Support between now and October 1st, will be grandfathered into the new SSAE16 compliant Managed Support. You will only be charged the new base cost of $30/mo, and will not be charged a setup fee. Anyone not subscribed to Managed Support after October 1st, will need to pay the setup fee.
I already have Vivio Security Support – do I have to pay the setup fee?
No. Current Security Support subscribers, like the Managed Support subscribers, will be grandfathered into the new SSAE16 compliant Managed Support with no setup fee. The only change will be the new Managed Support base cost of $30/mo.
Wow. $30 per month. That seems like a lot!
Vivio’s cost of just $30 per month for unlimited support that is SSAE16 compliant is extremely affordable. In fact, we were worried that it may be too affordable, but running the numbers, we believe we can make this work and offer you incredible value in terms of true SSAE16 compliant Managed Support.
We encourage you to compare Vivio’s Managed Support cost – including the unlimited amount of time and the sheer quality and quantity of services we offer with any other service provider offering similar services. Here are some reference links to get you started:
- Rackspace – $50/mo minimum with minimal support options
- Linode – $100/mo minimum
- SingleHop – $70/mo minimum
… and these are the ones who openly tell you how much they cost. Many providers offering the same level of service Vivio offers won’t tell you outright how much they cost. We believe the $30/mo cost is extremely affordable, and after doing some research, we hope you see it that way too!
What if I’ve already pre-paid for Managed Support?
All pricing is guaranteed for the duration of the pre-paid term. You will only be charged the new Managed Support rate when you renew your service.
I subscribe to Managed Support, but I don’t want to pay the new rate.
No problem! We completely understand and you’re welcome to cancel your current Managed Support with no hard feelings. We realize the new rate won’t fit into everyone’s budget. If you get an invoice for the updated Managed Support rate, and no longer wish to keep Managed Support, just let us know and we’ll remove it from your account. Your service will still be covered by Fundamental Support, regardless of if you have Managed Support or not.
This post is too long, I didn’t read all of it.
In short: we’re improving our Managed Support by implementing the SSAE16 security standard. This will increase your privacy and security as well as change how much Managed Support costs to $30/mo. If you already have Managed Support, you will see the new $30 cost on your next invoice. If you don’t have Managed Support, not much will change for you, but if you sign up for Managed Support later, there will be a $30 one-time setup fee.
I still have questions!
Please don’t hesitate to contact our sales or billing departments and we’ll do everything we can to help: