Partner with a company with the right compliance programs and certifications.

Canadian Web Hosting is proud to have the necessary controls and measures that comply with local and corporate requirements.

Our SOC 2 Type II certification helps your business meet its SSAE 16 certification requirements in accordance with AT 101 (formerly the SAS70 and CSAE 3416 Type II).

Learn More

We’re always striving to improve and we’ve implemented ISO 27002 established guidelines and principles for security management into our organization.

Learn More

Canadian Web Hosting is fully compliant with PIPEDA (The Personal Information Protection and Electronic Documents Act) and helps companies meet the mandatory provisions of the protection of personal information.

Learn More

Canadian Web Hosting is 100% PHIPA (Personal Health Information Protection Act) compliant.

Learn More

Canadian Web Hosting utilizes the Control Objectives for Information and Related Technology (COBIT5) framework for their information technology management.

Learn More

Canadian Web Hosting follows the best practices for cloud security controls as set out by the Cloud Security Alliance (CSA).

Learn More

What does this mean for our customers?

By outsourcing web hosting services like dedicated servers, virtual private servers (VPS), cloud servers, and shared hosting to a company that meets local and corporate requirements, including SSAE 16, your company can focus on what matters most—its customers.

Our SSAE 16 compliant hosting environment can take care of the following for you:

  • Facilities and asset management
  • Logical access and access control
  • Network and information security
  • Computer operations
  • Backup and recovery
  • Change and incident management
  • Organizational and administrative controls
  • Security policies, reporting, and monitoring
  • Physical and logical security

Why partner with Canadian Web Hosting?

  • 100% Canadian
  • SSAE 16 compliant web hosting
  • Enterprise-grade web hosting hardware
  • Secure hosting environment
  • SSL capability
  • Hardware and software firewall
  • IP-Restricted FTP
  • Managed backups with guaranteed retention
  • Advanced 24/7 monitoring
  • Multi-level intrusion prevention (IPS/IDS)
  • Anti-spam, anti-malware, anti-virus
  • Log management

AT 101 SOC 2 Certification

We’ve built a solid foundation around SSAE 16 requirements including physical security, data storage, and control procedures. As a result, our customers can feel confident that they are in a secure, reliable, and effective environment that has the proper controls for internet operations and highly available IT services.

The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) issues the SSAE 16 Type II (formerly SAS 70) to service organizations that typically offer outsourced services. An auditor's report details the service provider's ability to offer adequate controls and safeguards when they host or process data belonging to their customers.

Contact us at for our SOC 2 report.

ISO 27002

As a company, we have developed standard organizational security standards and effective security management practices. Our customers can feel reassured that their business and governance requirements are met.

Our security management guidelines include:

  • Security policy
  • Organization of information security
  • Asset management
  • Physical and environmental security
  • Communications and operations management
  • Access controls
  • Information systems acquisition, development, and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance


We are fully compliant with all mandatory PIPEDA provisions. These outlines include, but are not limited to:

  • Consent is garnered for collection of personal information
  • Collection of personal information is limited to reasonable purposes
  • Limited use and disclosure of personal information
  • Limited access to personal information
  • Stored personal information must be accurate and complete
  • Designated role of the Privacy Officer
  • Policies and procedures for breaches of privacy
  • Measures for resolution of complaints
  • Special rules for employment relationships


PHIPA is often considered the Canadian equivalent to HIPAA (Health Insurance Portability and Accountability Act). Customers should note that as part of PHIPA compliancy, information stored and user consent is given to the healthcare provider that obtains and maintains the data, not the hosting provider.

As an IT service provider, we ensure the following:

  • To send a notification of any privacy breach to the customer as soon as possible
  • To provide a plain language description of our services
  • To have our own written privacy policies
  • To prepare an audit trail feature to track the use of our database
  • To have written risk assessment of our systems

Canadian Web Hosting is 100% owned and operated in Canada. For additional information, visit or contact us at


COBIT5 is an industry leading IT framework for the governance and management of enterprise IT and represents a critical component of our compliance program, including the ability for clients to work directly with certified staff to help build and meet their specific IT requirements.

The COBIT5 framework is focused on several distinct areas that help meet specific compliance and governance criteria, including:

  • Audit and assurance for managing vulnerabilities and ensuring compliance
  • Risk management for evaluating and optimizing enterprise risk
  • Information security to oversee and manage information security
  • Governance of enterprise IT that ensures alignment of IT goals and strategic business objectives

CSA Security, Trust & Assurance Registry

The Cloud Security Alliance (CSA) strives to define and raise awareness of best practices for a secure cloud computing environment. It operates the most popular cloud security provider certification program, the CSA Security, Trust & Assurance Registry (STAR), a three-tiered program of self-assessment, 3rd-party audit and continuous monitoring.

To indicate compliance to CSA best practices, Canadian Web Hosting has completed the Consensus Assessments Initiative Questionnaire (CAIQ). This questionnaire provides the answers to a set of over 295 questions a cloud customer or auditor may wish to ask of a cloud infrastructure provider. Access Canadian Web Hosting’s completed questionnaire on the CSA website.