Just as scalability, power density, security, and flood zoning are all important factors to consider when choosing your data center service provider, so too is compliance absolutely essential. From FINRA to HIPAA and everything in between, keeping your customers’ data safe is paramount whenever your business is handling sensitive information.
Formerly, data centers in the United States incorporated the Statement of Auditing Standards No. 70 (SAS 70) from the American Institute of Certified Public Accountants (AICPA). Today, however, the standards have been updated to a set of standards called Statements on Standards for Attestation Engagements No. 16 (SSAE 16), which is still governed by the AICPA.
Put simply, SSAE 16 is a way for a third party to measure levels and types of compliance within the world of data centers and colocation providers here in the United States.
SOC can also be clarified by type:
To get back to the question of whether or not Telx’s facilities are audited by a third party, however, the answer is yes.
In 2012 Telx made the decision to upgrade from SOC1 to SOC2 compliance. The adoption of this new standard which contains many predefined criteria for compliance is a major undertaking for many organizations. At Telx, to achieve SOC2 compliance we’ve made a significant investment in policy, process, and systems development as well as ongoing process management to ensure that we have a strong compliance foundation. We build and control to a minimum of ‘Type II’ reporting, and Telx undergoes (and completes) audits each year to ensure that all of our data centers continue to be SOC 2 compliant. In 2013 we successfully completed our first SOC2 audit which included 15 of our data centers. Our current SOC2 audit which completes March 31st 2014 will include all 20 Telx facilities that were in services as of the reporting period and covers the trust service principles of security and availability.
In addition to 21 data center facilities compliant with SOC 2, our Clifton Data Center Campus (NJR2 & NJR3) is fully PCI certified. Telx also seeks continual improvement by assessing standards such as FedRAMP, HIPAA and ISO 27001. In fact, we’ve included a mapping to the ISO 27001 principles in our SOC2 to ensure we cover those requirements as well. On top of that, we’ve engaged third party auditors to perform a complete HIPAA risk assessment and gap analysis which will complete this month.
What’s more, each new Telx facility is built to, and withstands, the same stringent requirements to ensure consistency amongst all of our facilities. We are very serious about our compliance, and part of the benefit of outsourcing your data center services is the ease of compliance through a provider like Telx when compared to attempting to do the same thing on your own.
Today, there’s no such thing as being too careful with customers’—and your own—sensitive data. And in cases of rules like HIPAA and FINRA, data sensitivity isn’t just a good idea—it’s the law. Here at Telx, we provide the compliant foundation you need to help keep your business’ data safe, and we’re audited every year for compliance with SOC 2 to prove it.