365 Data Centers has announced that all 16 of the company's data centers are compliant with the industry standards for HIPAA, PCI DSS 3.0, SSAE 16 SOC 1 Type 2, SOC 2 Type 2, and ISAE 3402. 365 is the only national colocation provider to achieve these certifications across all of its facilities. A-lign , an independent accounting and auditing firm, performed the audits and confirmed 365's compliance with these rigorous industry standards. The compliance reports provide the assurance that 365 Data Centers' services are suitable for businesses and applications that require high security, availability, control, and data privacy.
A-lign administered the HIPAA assessment and reconfirmed 365 Data Centers' compliance with HIPAA's Security Rule for administrative and physical safeguards, procedures, organizational safety measures, and policy and procedure and documentation requirements. The scope of the audit included all of 365 Data Centers' 16 U.S.-based colocation facilities, which were also found to meet the breach reporting requirements of the Health Information Technology for Economic and Clinical Health Act ("HITECH").
The auditing firm also certified 365's compliance with the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle credit card information and transactions. PCI certification is critical for web-based businesses to safely process online payments.
The auditing firm certified that 365's facilities are compliant with the Statement on Standards for Attestation Engagements (SSAE 16) SOC 1 Type 2 and the SOC 2 Type 2 standards for systems and controls relevant to security and availability. Additionally, A-lign found that 365 is compliant with the International Standards for Assurance Engagements (ISAE) 3402, a global assurance standard for reporting on controls at service organizations to protect shareholders and the general public from accounting errors and material misstatements. SSAE 16 standards were developed specifically for certified public accountants (CPAs) to evaluate an entity's internal controls and the impact a service organization may have on the entity's control environment.
365 is the only major national colocation provider to demonstrate compliance with all of these certifications across 100 percent of its facilities. 365's well-documented procedures, systems and track record of operations allowed A-lign to perform the audit efficiently. 365's centralized support systems and controls enable rapid response times for customers in ways other providers cannot.
"It was important for us to have every one of our facilities achieve compliance for all five of these certifications," said Ross Warrington, vice president of operations, 365 Data Centers. "Some data center, service or cloud providers gain certification at just a few of their sites, leaving the details for clients to sort out in the fine print. 365 is focused on providing the best possible services for our clients, regardless of the operational rigors we have to go through to do that."
"Certifying compliance across all facilities is a significant accomplishment and an uncommon feat these days," stated Scott G. Price, CPA/CISA/CIA, managing director, A-lign. "365 didn't just re-certify itself for existing compliances but continues to raise the bar for client services by subjecting its data centers to an even greater and more rigorous process than last year."
Copies of the HIPAA, PCI DSS, SSAE 16, SOC 2 and ISAE 3402 audit reports and the company's HIPAA Business Associate Agreement (BAA) are available upon request.