• Customer Stories

      • XTREME-D

        Find out how XTREME-D was able to meet its objectives and has positioned itself for further growth by partnering with Digital Realty and leveraging PlatformDIGITAL®.

        Keep Reading
      • Telefónica UK

        See how they leveraged PlatformDIGITAL™ Data Hub to localise data aggregation, staging, analytics, streaming and data management to optimise data exchange and maintain data compliance.

        Keep Reading
      • Criteo

        By partnering with a company like Digital Realty, Criteo has somebody who can work with them to ensure they move a long way towards their sustainability goals

        Keep Reading
      • Join Digital

        With increasing demand for a turnkey experience, Join™ helps their customers brings the built and digital worlds together with the essential Network-as-a-Service and IT-as-a-Service offerings for Smart Buildings and Smart Workplaces.

        Keep Reading
      • AIB

        AIB, Inc., a leading data exchange and management firm serving over 1600 automotive customers, sought to diversify their cloud portfolio to realize reduced latency, increased availability, and harden security posture.

        Keep Reading
    • Global Data Insights Survey

      Read the survey

    • Investor Relations

      Digital Realty owns, acquires, develops and operates data centers. The company is focused on providing data center, colocation and interconnection solutions for domestic and international customers.

    • Investor Relations
    • Leadership
    •  
    •  
    •  
— Blog

Are Telx’s Data Centers Audited By a Third Party?

Daniel Wolfe
March 7, 2014

Just as scalability, power density, security, and flood zoning are all important factors to consider when choosing your data center service provider, so too is compliance absolutely essential. From FINRA to HIPAA and everything in between, keeping your customers’ data safe is paramount whenever your business is handling sensitive information.

Formerly, data centers in the United States incorporated the Statement of Auditing Standards No. 70 (SAS 70) from the American Institute of Certified Public Accountants (AICPA). Today, however, the standards have been updated to a set of standards called Statements on Standards for Attestation Engagements No. 16 (SSAE 16), which is still governed by the AICPA.

Put simply, SSAE 16 is a way for a third party to measure levels and types of compliance within the world of data centers and colocation providers here in the United States.

SSAE 16 is divided into three types of Service Organization Controls (SOC):

  • SOC 1: Focuses on internal controls over financial reporting, and was the replacement of the former SAS 70 standard.
  • SOC 2: This is the most stringent form of SOC compliance and includes an examination of adherence to, and testing of, controls for specific “Trust Services Principles” (TSP) of criteria within each of the five reportable sections of SOC 2 (Security, Availability, Processing Integrity, Confidentiality, and Privacy).
  • SOC 3: Focuses on whether or not an entity meets the required standards and does not include the specific test methods, results, or opinions of the examiner.

SOC can also be clarified by type:

  • Type I: Accounts for the ability to test and report on the design of the controls (Answers for: has the entity accounted for all relevant variables with policies and procedures to sufficiently support?).
  • Type II: Accounts for the suitability of design and operating effectiveness of the controls (Answers for: are the policies and procedures applicable, implemented effectively, and used in accord with the design?)

To get back to the question of whether or not Telx’s facilities are audited by a third party, however, the answer is yes.

In 2012 Telx made the decision to upgrade from SOC1 to SOC2 compliance. The adoption of this new standard which contains many predefined criteria for compliance is a major undertaking for many organizations. At Telx, to achieve SOC2 compliance we’ve made a significant investment in policy, process, and systems development as well as ongoing process management to ensure that we have a strong compliance foundation. We build and control to a minimum of ‘Type II’ reporting, and Telx undergoes (and completes) audits each year to ensure that all of our data centers continue to be SOC 2 compliant. In 2013 we successfully completed our first SOC2 audit which included 15 of our data centers. Our current SOC2 audit which completes March 31st 2014 will include all 20 Telx facilities that were in services as of the reporting period and covers the trust service principles of security and availability.

In addition to 21 data center facilities compliant with SOC 2, our Clifton Data Center Campus (NJR2 & NJR3) is fully PCI certified. Telx also seeks continual improvement by assessing standards such as FedRAMP, HIPAA and ISO 27001. In fact, we’ve included a mapping to the ISO 27001 principles in our SOC2 to ensure we cover those requirements as well. On top of that, we’ve engaged third party auditors to perform a complete HIPAA risk assessment and gap analysis which will complete this month.

What’s more, each new Telx facility is built to, and withstands, the same stringent requirements to ensure consistency amongst all of our facilities. We are very serious about our compliance, and part of the benefit of outsourcing your data center services is the ease of compliance through a provider like Telx when compared to attempting to do the same thing on your own.

Today, there’s no such thing as being too careful with customers’—and your own—sensitive data. And in cases of rules like HIPAA and FINRA, data sensitivity isn’t just a good idea—it’s the law. Here at Telx, we provide the compliant foundation you need to help keep your business’ data safe, and we’re audited every year for compliance with SOC 2 to prove it.

Interested in learning more about Telx, third party auditing, and compliance? See our compliance page here, or reach out to us via the contact page of our site, or by Facebook or Twitter.

Share
Architech image02 2021 12 17 134536 Architech image01 2021 12 17 134535 Architech image03 2021 12 17 134537

Future-Proof Your Digital Deployment

Connect with a Digital Realty Cloud Certified Solution Architect to help build your scalable growth strategy and transform your business.

Connect with Us