Skip to main content

Amanah Tech

Talk to an Expert:   +1 416-603-9825 x 1

🏆 Price Match Guarantee  We’ll beat any colocation quote by 10%  ·  151 Front Street West, Toronto

Independently audited. Built for regulated industries.

Amanah’s infrastructure is SOC 2 Type II certified and compliant with Canadian federal and Ontario provincial privacy law. Our controls are independently tested, documented, and operating effectively not just implemented.

Location

151 Front St West

Data residency

Canadian data, always

Established

Since 2001

Certified

SOC 2 Type II

SOC 2 Type II Card
Service Organization
Control 2
AICPA Trust Services Criteria
TypeType II (over time)
AuditorAkitra
SecurityCovered
AvailabilityCovered
ConfidentialityCovered
PrivacyCovered
Processing integrityCovered
SOC 2 Type II

Controls tested over time.
Not just implemented.

SOC 2 Type II is the most rigorous form of the SOC 2 certification. Unlike Type I, which verifies that controls exist at a single point in time, Type II requires an independent auditor to test whether those controls were operating effectively over an extended period.

Amanah’s certification covers all five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. The audit assesses controls across our physical infrastructure, access management, network operations, and incident response procedures.

Role-based access control and least-privilege enforcement

Access to systems and data restricted to minimum necessary permissions.

Continuous network monitoring

Traffic, routing, and infrastructure monitored around the clock by in-house NOC.

Incident detection and response procedures

Documented procedures for identifying, escalating, and resolving security incidents.

Incident detection and response procedures

Documented procedures for identifying, escalating, and resolving security incidents.

Change management and configuration controls

All infrastructure changes reviewed and approved through formal change management.

Infrastructure redundancy and uptime safeguards

N+1 redundancy across power, cooling, and network. 99.99% uptime SLA.

Physical security at data center facilities

Multi-layer authenticated access, CCTV, 24/7 on-site staff, unique per-client rack codes.

Vendor and risk management processes

Third-party vendors assessed and managed through formal risk management procedures.

Security Availability Processing Integrity Confidentiality Privacy
PIPEDA

Canada's federal privacy law for commercial activity.

The Personal Information Protection and Electronic Documents Act (PIPEDA) governs how private sector organizations in Canada collect, use, and disclose personal information in the course of commercial activities. All Amanah operations, infrastructure, and data handling practices comply with PIPEDA’s mandatory provisions.

Because Amanah operates entirely within Ontario, all data hosted at TOR1 and TOR2 remains in Canada, subject to Canadian law. Amanah can provide documentation to support clients’ own PIPEDA compliance reviews.

Consent for collection of personal information

Personal information collected only with knowledge and consent of the individual.

Limited collection for reasonable purposes

Personal information collected only for purposes that a reasonable person would consider appropriate.

Limited use and disclosure

Personal information used only for the purpose for which it was collected, not sold or shared without consent.

Safeguards for protection of personal information

Documented procedures for identifying, escalating, and resolving security incidents.

Change management and configuration controls

Appropriate security measures protect personal information against loss, theft, and unauthorized access.

Data stays in Canada

All infrastructure at 151 Front Street West, Toronto, Ontario. No cross-border data transfers.

PIPEDA Card
Personal Information
Protection and Electronic
Documents Act
Federal Applies Canada-wide
JurisdictionFederal (Canada)
Enacted2000
Applies toPrivate sector commercial activity
Overseen byOffice of the Privacy Commissioner
Data locationCanada only
Amanah statusCompliant
PIPEDA Card
Personal Health
Information
Protection Act
Ontario Health data protection
JurisdictionOntario, Canada
Enacted2004
Applies toHealth information custodians
Overseen byInformation and Privacy Commissioner of Ontario
Relation to PIPEDASubstantially similar, Ontario-specific
Amanah statusCompliant
PHIPA

Ontario's health data protection law.

The Personal Health Information Protection Act (PHIPA) is Ontario’s legislation governing the collection, use, and disclosure of personal health information (PHI). It applies to health information custodians hospitals, clinics, pharmacies, healthcare practitioners, and the IT infrastructure providers they rely on.

Amanah’s infrastructure is suitable for organizations subject to PHIPA. As an IT infrastructure provider, Amanah ensures that physical and logical safeguards are in place, breach notifications are issued promptly, and service descriptions are clear and transparent. The healthcare organization handling the data remains the custodian responsible for their own PHIPA compliance obligations.

Physical and logical safeguards for PHI

Multi-layer access controls, CCTV, and 24/7 monitoring protect all infrastructure housing health data.

Privacy breach notification

Amanah will notify clients of any privacy breach as soon as reasonably possible.

Plain language service description

Amanah provides clear descriptions of services, safeguards, and data handling practices on request.

Data remains in Ontario

All infrastructure at 151 Front Street West, Toronto. PHI never leaves the province.

Use limited to original collection purpose

Amanah does not access or use client data beyond what is necessary to deliver the contracted service.

Why It Matters

What certification means for your business.

Independent certification is not a formality. For organizations in regulated industries, it is a prerequisite for doing business and a signal of operational maturity.

Regulated industries

Healthcare, financial services, legal, and government organizations often require their infrastructure providers to hold SOC 2 certification or comply with specific privacy laws before engaging. Amanah meets these requirements.

Enterprise procurement

Large enterprises frequently include compliance requirements in vendor assessments and procurement processes. SOC 2 Type II and PIPEDA compliance reduces procurement friction and accelerates security reviews.

Canadian data residency

Many Canadian organizations are required or choose to keep data on Canadian soil subject to Canadian law. Amanah operates entirely in Ontario, which satisfies data residency requirements for PIPEDA, PHIPA, and most Canadian compliance frameworks.

Independently validated security

SOC 2 Type II means an independent auditor, not Amanah itself, has verified that our security controls work as described and have been operating effectively over time. This is the standard enterprises and regulated industries trust.

Healthcare infrastructure

PHIPA compliance makes Amanah suitable for hospitals, clinics, health tech companies, and any organization storing or processing personal health information in Ontario. The data stays in the province and the infrastructure meets required safeguards.

Documentation on request

Amanah can provide compliance documentation, service descriptions, and supporting materials for client security reviews, audits, and compliance assessments. Contact the team to request materials for your specific requirements.

Need compliance documentation?

If you are undergoing a security review, audit, or compliance assessment, Amanah can provide supporting documentation. Contact the team and let us know what you need.