Security/Privacy Center

We are committed to protecting your data

When you send your hard drive to Gillware for recovery, you can be sure your sensitive data is in good hands and we have the accreditation to prove it.

Security Practices

Gillware’s internal security protocol has over 75 policies that contain more than 500 separate procedures. All of them are audited every year.

Our security process is SOC 2 Type II audited

Every year an independent firm reviews all processes and security measures employed by Gillware

We provide you HIPAA compliant data recovery services

If your data contains electronic protected health information (ePHI), we can process your data recovery according to HIPAA regulations.

Our staff is security screened and background checked

Our staff and facility complies with regulations in place by our government clients and is reviewed yearly.

All hardware is barcoded for quick identification

Upon check-in all drives, servers and other hardware is barcoded for tracking and identification.

Hardware is tracked the entire time it’s at Gillware

Every location at Gillware that hardware resides is barcoded and the hardware is scanned to each location.

All incoming and outgoing packages are logged and video recorded

Every package that comes or goes at Gillware is logged electronically and video recorded in high definition.

SOC 2 Type II Logo

Gillware is SOC 2 Type II audited

The audit process is extremely rigorous and is performed each and every year. During the audit process, auditors from an independent CPA firm work to review all processes and security measures employed by Gillware. Gillware’s internal security protocol has over 75 policies that contain more than 500 separate procedures. All of them are audited every year.

What is SOC 2 Type II?

The Service Organization Control (SOC) 2 Type II audit tests and reports on the operating effectiveness of a company’s procedures and rules. The audit is based on the “trust service principles” that are relevant to an organization. Gillware Data Recovery is audited in the areas of Security and Confidentiality.

The Security principle states that an organization’s system must be protected, both logically and physically, against unauthorized access. In Gillware’s case, we have protected physical access, careful documentation of visitors, password protected computers and encrypted networks.

The Confidentiality principle states that information that is designated “confidential” must be protected as committed or agreed. At Gillware, all employees sign a confidentiality agreement and we store all personal information on our secure network. Gillware fully erases all data from failed hard drives after recovery has been completed and data has been transferred.

Why does it matter?

Any company can claim their facilities and procedures are secure, but how can you be sure? By completing the SOC 2 Type II audit, Gillware has the independent review and accreditation to prove our commitment to data security.

With major security breaches in the news more and more frequently, Gillware’s SOC 2 Type II audited status is a comforting reminder to customers that our data recovery lab is safe from external threats. Our network and facilities meet the standards required for audit status and our security measures are tested and reviewed during the yearly audit.

By allowing an independent review group to audit our organization for security and confidentiality effectiveness, Gillware is offering a high level of oversight to not only the review group, but to its customers as well. The SOC 2 Type II audit keeps us accountable and ensures that all of our internal security protocol and procedures are followed at all times.

Emergency services

Gillware can provide HIPAA compliant data recovery

Upon request, Gillware offers a fully HIPAA compliant data recovery service for an additional $150 fee. This service includes additional safety measures in line with HIPAA requirements for protection of health information.

What does HIPAA compliant data recovery include?

HIPAA compliant data recovery goes above and beyond Gillware’s standard security procedures in order to meet the criteria for protecting electronic protected health information (ePHI) as determined by the HIPAA security rule.

From the time your hard drive enters our lab, it goes through a full chain of custody, meaning it will be documented and signed for at each step in the recovery process. Every time the drive is moved around our lab or handled by a technician, it is documented.

Additionally, the data on your drive will be fully encrypted during the recovery process. It will also be encrypted when it is returned to you on the transfer media of your choice. HIPAA regulations state that all ePHI must be encrypted during storage and transfer.

Finally, we perform a full, post-recovery audit to ensure all of your data has been completely removed from our secure network.

Who needs HIPAA compliant data recovery?

The Health Insurance Portability and Accountability Act (HIPAA) affects all covered entities (CEs) and their business associates (BAs). Covered entities include health care providers, health plans and health care clearinghouses. Business associates are any organizations that help a covered entity carry out its health care activities and functions, and must have a written business contract or other arrangement with the covered entity establishing specifically what they have been engaged to do.

Even if you are a HIPAA covered entity or business associate, you will only need our HIPAA compliant service if the failed hard drive contains electronic protected health information (ePHI). If the drive does not contain any ePHI, you can proceed with standard recovery services.

Due to the extra security measures involved in a HIPAA compliant data recovery, Gillware charges an extra $150 fee for this service.

Gillware holds GSA Contract No: GS-35F-0547W

GSA Contract Logo

If you are currently in the Armed Forces or if you are currently an employee of another government agency and have any questions about our services please call our GSA specialist Peter Holewinski at 877-624-7206 Ext. 8884.

Gillware, Inc. holds General Services Administration (GSA) contract number: GS-35F-0547W. Gillware, Inc’s data recovery services are available under GSA Schedule 70 and can be found on the GSA Advantage website.

Through this contract Gillware provides the Armed Forces and other government agencies preferential pricing.

View Gillware’s Capability Statement

Building Icon

Facility and Staff

Gillware employs a world-class engineering team to work in our top-of-the-line data recovery lab. Both our staff and facilities are SOC 2 Type II audited and held to the highest security standards.

Our expert data recovery team

All Gillware employees are screened and background checked before being hired. Our data recovery team includes mechanical and electrical engineers, computer scientists, and software developers that have years of experience dealing with different data loss situations. Our employees are required to follow all of Gillware’s 75 security policies and over 500 separate procedures in order to meet SOC 2 Type II audit requirements.

Our innovative recovery facilities

Our 10,000 square foot data recovery lab is located in Madison, Wisconsin. Our entire premises are protected with restricted key fob access. All visitors are carefully documented and escorted through the lab to eliminate security risks. The facility meets SOC 2 Type II audit requirements for security. Our lab includes ISO 5 Class 100 horizontal flow workstations and other proprietary data recovery tools to ensure a high rate of success.