Customers who are evaluating colocation facilities need to know that their equipment and sensitive information will be maintained in an environment that is resilient, safe and secure. Standards and compliance are of vital importance for any colocation facility who must have the right processes, controls and procedures in place to ensure that industry standards are met.
The colocation provider must demonstrate their commitment to meeting your colocation compliance needs.
- Are they familiar with your industry and the specific regulations you need to meet?
- Do they have policies in place to perform self-assessments to stay up to date with standards and prove compliance?
- Do they regularly train their staff, have a process for incident reporting, and a review board?
- Are they equipped to handle your audits?
The ability for a provider to satisfy your colocation compliance needs is more than just a checkbox. Any provider should prove to you how they educate their staff and follow specific policies and procedures to ensure you are protected.
What are the common colocation compliance standards?
Compliance with SSAE 16, PCI DSS, HIPPA and LEED standards is critical for any colocation facility.
- SSAE 16
The SSAE 16 audit, issued by the American Institute of Certified Public Accountants, is a comprehensive, in-depth examination intended to provide a full description of operational processes, safety controls, systems and technical design for cloud services and data centers. Its purpose is to ensure that a colocation service’s appropriate internal controls are in place and constantly monitored.
- PCI DSS
PCI DSS standards were designed to curb high-profile security breaches and protect the security of consumer credit card transactions. They consist of server hosting procedures and PCI hosting standards set forth in 12 core requirements that all compliant businesses must meet.
For a data center to be HIPAA compliant, they must follow the Code of Federal Regulation set by HIPAA inspectors and then pass a rigorous audit proving it. The inspectors confirm how data that includes protected health information (PHI) is stored, protected and encrypted and ensure that there is a Business Associate Agreement (BAA) between clients.
The Leadership in Energy and Environmental Design (LEED) rating system, developed by the US Green Building Council, certifies the construction, design, maintenance and operation of environmentally efficient, responsible buildings. Characteristics of a typical LEED-certified data center include: an advanced low energy consumption cooling system, a clean backup power system, improved cooling efficiency, renewable energy sourcing, reduced consumption of energy, intelligent design and green construction.
How We Ensure Compliance at OneNeck
Staying up-to-date on the latest industry and compliance standards is a critical requirement for all businesses. As data breaches are a more common occurrence and fines for noncompliance are hefty, your data center needs to be vigilant to ensure your requirements are being met with the proper controls, procedures and processes. At OneNeck, we prioritize our commitment to protect your organization by meeting and exceeding expectations, our data centers are built with your critical data in mind.
- SSAE: Every OneNeck data center undergoes an SSAE 16 review to conform to compliance regulations on multiple fronts, such as:
- Maintain sufficient data and power redundancy
- Maintain appropriate physical security controls (person trap, security guards, biometric scanning and video cameras)
- Monitor for excessive temperature fluctuations
- Review alerts on a timely basis
- Provide appropriate fire/water detection and protection
- HIPAA: We can negotiate BAAs for colocation and provide a press release of successful examination.
- PCI DSS: We meet PCI standards and can provide customers with our Attestation of Compliance (AOC).
- ISO 27001:We can provide customers a link to our certificate.
- S.+– EU Safe Harbor: We can provide customers a link to the government website listing our certification as current.
- SOC: As part of our service we can provide a SOC 1 Type 2 report with Management Responses.
Certainty is the Bottom Line
When deciding on a data center partner, don’t just compare racks, power and price. We encourage you to visit one of our purpose-built facilities and meet our staff — the real people responsible for managing and protecting your data. Let our team take you through our ITIL-based procedures, and see first-hand the engineering skills, knowledge and thought leadership that operates our highly-reliable facilities. Once you do, we’re sure you’ll be convinced OneNeck has everything you need to take the complexity out of colocation.