Virtustream Blog

Simplifying Compliance Reporting with Self-Service Document Delivery

in Compliance, Cloud, Technology, Trust, xStream Talk

Going through an audit is an arduous process for large organizations, mainly due to the manual efforts that are involved with having multiple service providers who all need to provide documentation verifying the compliance of their platforms and services. As a result, enterprises are engaging their providers to explore new ways in which they can securely receive the reports and certifications they need in an on-demand fashion.

Having documents readily available not only simplifies your audit process, but also guarantees that your provider is being fully transparent in their operations by making their proof available 24/7. Because of this growing need, Virtustream is changing the way our customers access audit reports, attestation reports, and certifications by providing self-service documentation delivery through our xStream portal.

Self-Service Delivery

With our core focus on operating mission critical applications, most of our customers have specific and significant compliance requirements. When running these complex applications in a cloud environment, not only do you (the enterprise) have to be compliant, but you also have to ensure your cloud provider is compliant as well. We make this easy for you.

By providing on-demand access to our audit reports, attestation reports, and certifications through the xStream portal, we make simple, self-service access to these reports possible. All Virtustream Enterprise Cloud customers who have previously requested reports will, as of today, see those requested reports populated into their xStream portal. For customers who have provisioned specific audit reports with an associated SKU, these will also be available for download.

Being transparent about our certifications, compliances, and attestations is important to us, and we strive to give you a clear understanding about how we process, store, and secure your data. This new process will not only reduce the amount of time needed for audit report acquisition for current customers, but will reduce manual efforts for new customers by enabling them to securely download their requested documentation in real-time once populated into the xStream portal by our Security and Compliance team.

Document Storage

Along with self-service delivery, Virtustream has enabled our customers to leverage their own document storage capabilities in the xStream portal. You can now securely host your own compliance and invoice documents via the user interface (UI) and application programming interface (API) and extend them to your Virtustream representative to review or fill out.

Once a document has been populated into the xStream portal, your Virtustream representative will be able to easily and securely access the document, fill out any needed areas, and send it back to you through the same portal. These document storage capabilities eliminate the need to extend sensitive files and information through a separate channel, enabling our customers to trust that their files and data are secure at all times while hastening the process.

Alerting Capability

Users with permissions to view invoice and compliance documents within the xStream portal will also be able to leverage our new email alerting system. When a Virtustream representative publishes a document in a customer tenant, an email will be sent to account owners with permissions to download that document, alerting them of its availability.

This alerting capability enables ease of access for customers during the time of year in which Virtustream renews our audit reports, attestation reports, and certifications. Because of this capability, customers will no longer need to manually request the latest and greatest version of necessary documents, as the portal will alert them when a newer version of the report goes live.

Compliance Commitment throughout the Portfolio

Achieving and maintaining regulatory and industry compliance is complex and time-consuming, and enhancing the way we deliver compliance documents is just one step towards our greater goal of extending compliance commitment throughout our entire portfolio. In addition to self-service compliance document downloads, our customers can also leverage Virtustream Viewtrust to deliver automated, continuous risk and compliance management across their entire IT landscape. This provides you with a valuable near real-time view of your entire compliance posture, giving you increased protection while reducing the cost and complexity of meeting and demonstrating intricate compliance requirements.

Virtustream Viewtrust gives your compliance teams a way to manage the compliance process through its data collection and reporting processes. By comparing collected information to your compliance requirements, Viewtrust can alert your compliance team when the organization’s environment falls out of compliance. Additionally, Viewtrust’s reporting functions help streamline the process of preparing for an audit because the information from the IT assets has already been collected.

Organizing this standardized process to document, demonstrate, and manage compliance is key, which is why Virtustream Viewtrust implements an NIST Risk Management Framework (RMF). By leveraging this, customers are able to take advantage of SaaS-based risk management and continuous compliance monitoring, with the capability to deliver continuous and proactive monitoring of IT risk across cloud and non-cloud environments. This addresses risk concerns such as cyber, non-compliance, IT operations, audit readiness, and IT asset management. Viewtrust also can be used to provide compliance managers and managed services analysts the capability to review issues found by Rapid7.

The compliances associated with Virtustream’s cloud offerings are assessed and performed by either a certified public accounting (CPA) firm or an independent third party assessor (3PAO). For more information regarding the compliances of Virtustream’s cloud services, please visit the Trust Center or contact us for more information.