Security and Compliance: Need-to-Know Abbreviations
March 28, 2014 | Written by Martin Triplett, Director, Process and Program Management
As we’ve mentioned here on our blog before, the data center services world is full of many terms and abbreviations that are often very tough to follow if you don’t work in the industry.
Nowhere is that more true than in the security and compliance segment of data center services. From SSAE 16 to HIPAA, the abbreviations in security and compliance are notoriously tough to keep track of.
In order to help keep you informed about the most important abbreviations in the security and compliance space, we’ve compiled a brief list of definitions of some need-to-know abbreviations. You can find our list below:
SSAE 16: The Statements on Standards for Attestation Engagements No. 16 is a set of auditing standards from the American Institute of Certified Public Accountants. Broken up into three types of Service Organization Controls (SOC), SSAE 16 is a way for a third party to measure levels and types of compliance within the world of data centers and colocation providers here in the United States.
SAS 70: SAS 70, or the Statement on Auditing Standards No. 70, is the set of standards that was in place for nearly 18 years before being replaced by SSAE 16.
SOC 2: Service Organization Controls 2 is the most exhaustive reporting form of SOC compliance. It includes an examination of adherence to, and testing of, controls against the criteria of the specific “Trust Services Principles” (TSP) within each of the five reportable sections of SOC 2 (Security, Availability, Processing Integrity, Confidentiality, and Privacy).
SOC 3: SOC 3 is a report focused on whether or not an entity meets the required standards and does not include the specific test methods, results, or opinions of the examiner.
PCI DSS: The Payment Card Industry Data Security Standard, or PCI DSS, is a set of regulations put together by the PCI Security Standards Council, founded by American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. PCI DSS is an information security standard for organizations that handle cardholder information.
HIPAA: The Health Insurance Portability and Accountability Act of 1996, or HIPAA, encompasses several rules: the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Breach Notification Rule, and the confidentiality provisions of the Patient Safety Rule, all of which are dedicated to the protection of individually identifiable health information.
As you can see, there are many important abbreviations and terms in the security and compliance portion of the data center services world. Our list of definitions here, however, is a great place to start if you’re looking to know the most important terms that you’re likely to hear in daily operations.
Does your business deal with sensitive information that you want to make sure is in secure hands? Read our post on the third-party auditing of Telx’s data centers for more information about our SOC 2 compliance. And if you have any additional questions, or if you’d like to learn more about any of the services we offer, you can see our compliance page here, or reach out to us via the contact page of our site, by Facebook, or by Twitter.