DATA CENTER CERTIFICATIONS
Data center certifications enable data centers to keep up with quick and ever-changing trends in technology. As new or innovative technology enters the market, new legislation, codes of conduct, and more competition urge data center owners and operators to make sure they have a compliant data center. Each of Colocation America's 22 data centers nationwide has received the following certifications to give our customers peace of mind about how their data are stored. Below are some of the best certifications a data center could have:
What Are the Best Data Center Certification Standards?
HIPAA
Colocation America adheres to the standards set forth by the Health Insurance Portability and Accountability Act (HIPAA). An audit system was established by HIPAA to ensure data center facilities are following a strict code of Federal Regulation set forth by independent inspectors. This system was established to secure the transfer and storage of Protected Health Information (PHI) of patients. Our data centers are in compliance with all 19 HIPAA standards, meaning all servers hosted are secure enough to store PHI, which is important for those working within the healthcare industry.
PCI DSS
Colocation America data centers are PCI compliant and offer your business trusted and secure support for all credit card transactions processed online. PCI DSS standards were created in 2004 to curb high-profile security breaches by the founding brands of the PCI Security Standards Council. Those brands included the following: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International. The Payment Card Industry Data Security Standard (PCI DSS) protects consumer security for all businesses that process transactions using credit cards. Our specialists work hard to ensure consumer identity is protected and that all controls are in place at all times.
Uptime Institute Tier Certifications
All of Colocation America’s 22 data centers adhere to the standards set by the Uptime Institute. The Uptime Institute uses a somewhat mysterious four-tier ranking system as a benchmark for determining the reliability of a data center. Unfortunately, the Uptime Institute has chosen not to fully publish the evaluation criteria for these different tier levels. Few data centers have tier certifications from the Uptime Institute. Only 38 facilities or design documents for facilities have official tier certifications at this point; these are primarily enterprise data centers. The result is that the Uptime Institute’s definitions have been misused by the industry, ignorantly in many cases. Facility builders, designers and owners have tried to tweak the terminology slightly to give it their own unique flavor. Colocation America, however, gives you the full specifications of its 22 data center locations so that even the ones not certified by the Uptime Institute can still meet the requirements set by it.
Data Center Security Certifications
SSAE 16
Colocation America is in full compliance with SSAE 16 Type II standards set forth by a certified independent CPA. SSAE 16 is a set of guidelines for reporting on the level of controls at a service organization. All data stored within the server adheres to the SSAE 16 security guidelines. The data center is built in compliance with the SSAE 16 requirements and certified controls to secure the transfer of sensitive business data. Our data center technicians adhere to the strict guidelines to ensure servers are managed in accordance with SSAE standards.
Service Organization Control (SOC)
The SOC reporting framework consists of 3 types of reporting standards: SOC 1, SOC 2, and SOC 3. SOC 1 reporting uses the SSAE 16 professional standard and is geared more towards reports on the Internal Control over Financial Reporting (ICFR). It is designed to be a reporting standard for a business’ financial reports, highlighting its financial accounting and reporting practices. Although it is similar to the SAS 70 reports, it is not relevant to service organizations like data centers which manage a business’ IT infrastructure.
How Does a Data Center Become Compliant?
To keep things clear, data center compliance certification comes in two types: statutory and standard.
Data Center Compliance Levels
Statutory certifications are required by law (e.g. HIPAA). Standard certifications are requirements put in place by authoritative bodies which define specific criteria for performance operations. This would be akin to the American Kennel Club's (AKC) requirements for dog shows. While not lawfully required by any government agency, the rules still apply, and they make AKC-certified dog shows more authoritative than others. This is true for data centers as well. Tier standards are not required by law, but data centers graded against them hold much more weight than data centers not graded by the Uptime Institute for data center tier certification.
Statutory compliance applies to a data center right off the bat; it's not optional. Once the data center is ready for operation, a recognized third-party auditor will make sure it abides by all laws before the lights come on, so to speak.
Becoming standard certified is all up to the data center owner. This is where data center compliance can get rather tricky. Owners have their own compliance plans based on the costs, needs, and demand for their center. A data center that's not as regulated as others, while cheaper, will soon gain a tarnished reputation. The balance between cost and compliance is a tricky one, especially for newer data centers. A well-certified data center is always best.
We here at Colocation America are ready to help you figure out your financial reporting needs. Corporations that abide by the Sarbanes-Oxley regulations will have to get a thorough understanding of the security practices put in place that protect their dedicated servers. Figuring out which reports would provide the most relevant information is a key part of understanding the security of your sensitive business data. We will be happy to discuss with you and your auditor which type of reports you need to make sure that you (and we) stay in compliance with the operating standards of a good business.