Data Center Compliance
Dependable Assurance You Can Count On
SOC 1 (SSAE 18) Type 2, SOC 2 Type 2, ISAE 3402, and PCI Annual Examinations
DRFortress is committed to providing the highest level of compliance and security. To give our clients this assurance, we voluntarily undergo rigorous annual examinations such as SOC 1 Type 2 (SSAE 18, formerly SSAE 16/SAS 70), SOC 2 Type 2, ISAE 3402, and PCI. DRFortress is committed to maintaining the requirements for these exams.
DRFortress offers SOC report documentation to its clients upon request. The Statement on Standards for Attestation Engagements (SSAE) No. 18 was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) and became effective on May 1, 2017.
SOC 1 & SOC 2 examinations (specifically the SSAE 18) effectively replace the SSAE 16/SAS 70 as the authoritative guidance for reporting on service organizations. According to the American Institute of CPAs (AICPA), Service Organization Reports serve to assist service organizations “…that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant.”
SSAE 18 examines access controls at service organizations to ensure that adequate controls and processes were followed by the service provider, thereby minimizing risk to our clients and assisting them in turn with their own audits. The primary purpose of an SSAE 18 report is to provide clients and their financial statement auditors with an understanding of the services being provided and a CPA firm’s opinion as to whether the description is fairly presented and the controls are suitably designed. In the case of a “Type 2” report, the third-party auditors also test whether the stated controls were actually operating effectively over a significant period of time.
International Standard on Assurance Engagements (“ISAE”) 3402 is an international assurance standard that prescribes service organization control reports. The ISAE 3402 was published in June 2011 as a standard for documenting that a service organization has adequate internal controls, including those from a financial reporting perspective, such as Sarbanes-Oxley, as well as others such as information security.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International and American Express. Governed by the Payment Card Industry Security Standards Council (PCI SSC), the goal of PCI DSS is to secure credit and debit card transactions against data theft and fraud. In April 2016, the PCI SSC updated the PCI DSS standards to accommodate emerging threats and new methods of data processing and storage. Although DRFortress does not process credit card information, our clients may do so within their colocation space, so DRFortress is committed to complying with PCI requirements.
Regulatory Audit Compliance Assistance for Clients
Additionally, DRFortress has assisted and will continue to assist clients with their own regulatory and compliance audits regarding the physical security of their IT infrastructure and datacenter services. DRFortress’ diligence and commitment to compliance is evident in the many clients who have successfully met FISMA, FedRAMP, FDIC, HIPAA, PCI, Sarbanes-Oxley, SOC 1/2/3, J-SOX, and innumerable other standards.
For more information on compliance or certifications received, please contact us.