DRFortress Delivers Best-in-Class Data Center Compliance
Why is Data Center Compliance Important for Your Business?
Data center compliance standards, also referred to as data center security standards, help ensure that data center facilities follow best practices for data protection. Requirements vary between standards, but a data center can be audited and assessed against several of them to demonstrate that it is secure enough to store different categories of data.
When you’re searching for a data center to house your business’s critical information, make sure the data center is compliant with your industry. You alone are responsible for ensuring your business data is secure at all times, so it’s vital to do your homework when choosing where that data is stored.
The DRFortress Difference
The DRFortress data center is the largest and most advanced commercial colocation services facility in Hawaii. It is operated by a team of professionals with more than 100 years of combined data center experience.
DRFortress is a data center operator that is committed to providing the highest level of data center compliance standards and security controls. We go above and beyond industry security standards to keep your data safe.
DRFortress’ Regulatory Audit Compliance Assistance for Customers
DRFortress has assisted, and will continue to assist, clients with their own regulatory and data center compliance audits regarding the physical security of their IT infrastructure and data center services. DRFortress’ diligence and commitment to compliance are evident in the many clients who have successfully met FISMA, FEDRAMP, FDIC, HIPAA, PCI, Sarbanes-Oxley, SOC 1/2/3, JSOX, and innumerable other standards.
SOC 1 (SSAE 18) Type 2, SOC 2 Type 2, ISAE 3402, PCI and ISO Annual Examinations
We voluntarily undergo rigorous annual examinations to provide this assurance to our clients, including SOC 1 Type 2 (SSAE 18, formerly SSAE 16/SAS 70), SOC 2 Type 2, ISAE 3402, PCI and ISO. DRFortress is committed to maintaining data center compliance requirements for these exams. DRFortress offers SOC report documentation to its clients upon request as part of its data center compliance protocol. The Statement on Standards for Attestation Engagements (SSAE) No. 18 was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) and made effective May 2017.
What Does SOC 2 Type II Mean?
SOC is an acronym that stands for System and Organization Controls. These controls are standards created to measure how a data center manages and protects information. Knowing that a data center has passed the SOC audit procedure provides peace of mind to its customers. SOC 2 is organized around five trust principles governing how information is handled:
- Processing Integrity
To obtain this certification, security policies and procedures must be established and adhered to. Continuous security monitoring alerts us instantly to any unusual activity, and SOC 2 compliance requires a detailed auditing process.
Verified ISO Certification
DRFortress is the only Hawaii-based colocation facility to have achieved the International Organization for Standardization certification (ISO 27001) covering the operations and security of our data center as well as its policies and procedures.
ISO 27001 is the presumptive gold standard in information security and one of the most stringent certifications available, covering an organization’s risk management processes.
What are the ISO Certification Requirements?
- A comprehensive set of security controls
- A mature risk assessment and treatment program
- An internal audit and management review process to ensure continuous monitoring and improvement
- Effective security awareness training
- Continual improvement initiatives
Obtaining ISO 27001 certification involves a multi-stage security audit, including an initial review of the entity’s ISMS (Information Security Management System), followed by an in-depth, formal audit of the company’s ISMS and controls. Annual surveillance reviews/audits are then performed to verify that compliance with the standard and continual improvement are maintained.
Along with our Uptime Institute certified staff, the ISO 27001 certification validates DRFortress’ position as one of the leading designers and operators of world-class data centers.
The Statement on Standards for Attestation Engagements (SSAE) No. 18 was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) and became effective on May 1, 2017. SOC 1 and SOC 2 examinations (specifically under SSAE 18) effectively replace SSAE 16/SAS 70 as the authoritative guidance for reporting on service organizations.
According to the American Institute of CPAs (AICPA): Service Organization Reports serve to assist service organizations “…that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant.”
SSAE 18 examines access controls at service organizations to ensure adequate controls and processes were followed by service providers, thereby minimizing risk to our clients and assisting them in turn with their audits.
The primary purpose of an SSAE 18 report is to provide clients and their financial statement auditors with an understanding of the services being provided and a CPA firm’s opinion as to whether the description is fairly presented, whether the controls are suitably designed, and how effective they are. In the case of a “Type 2” report, the third-party auditors test whether the stated controls were operating effectively over a significant period of time.
International Standard on Assurance Engagements (“ISAE”) 3402 is an international assurance standard that prescribes service organization control reports. ISAE 3402 was published in June 2011 as a standard for documenting that a service organization has adequate internal controls, including those relevant to financial reporting (such as Sarbanes-Oxley) as well as information security controls.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International and American Express. Governed by the Payment Card Industry Security Standards Council (PCI SSC), the goal of PCI DSS is to secure credit and debit card transactions against data theft and fraud.
In April 2016, the PCI SSC updated the PCI DSS standards to accommodate emerging threats and new methods of data processing and storage. Although DRFortress itself does not process credit card information, our clients may do so within their colocation space, so DRFortress is committed to complying with PCI requirements.
For more information on data center compliance or the certifications we have received, please contact us.