365 Data Centers Achieves HIPAA, PCI, SSAE 16, SOC 2 and ISAE 3402 Compliance Across All Its Facilities

365 Data Centers, a colocation provider with 16 data centers across the U.S., has announced that all 16 of its data centers are now compliant with the industry standards for HIPAA, PCI DSS 3.0, SSAE 16 SOC 1 Type 2, SOC 2 Type 2, and ISAE 3402.

A-lign, an independent accounting and auditing firm, performed the audits and confirmed 365’s compliance with these rigorous industry standards. The compliance reports provide the assurance that 365 Data Centers’ services are suitable for businesses and applications that require high security, availability, control, and data privacy.


“Certifying compliance across all facilities is a significant accomplishment and an uncommon feat these days,” said Scott G. Price, CPA/CISA/CIA, managing director, A-lign. “365 didn’t just re-certify itself for existing compliances but continues to raise the bar for client services by subjecting its data centers to an even greater and more rigorous process than last year.”

365-data-centersA-lign administered the HIPAA assessment and reconfirmed 365 Data Centers‘ compliance with HIPAA‘s Security Rule for administrative and physical safeguards, procedures, organizational safety measures, and policy and procedure and documentation requirements. 365 Data Centers’ U.S.-based colocation facilities were also found to meet the breach reporting requirements of the Health Information Technology for Economic and Clinical Health Act (“HITECH“).

Payment Card Industry

A-lign certified 365’s compliance with the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle credit card information and transactions. PCI certification is critical for web-based businesses to safely process online payments.

The auditing firm also certified that 365’s facilities are compliant with the Statement on Standards for Attestation Engagements (SSAE 16) SOC 1 Type 2 and the SOC 2 Type 2 standards for systems and controls relevant to security and availability.

Additionally, A-lign found that 365 Data Centers is compliant with the International Standards for Assurance Engagements (ISAE) 3402, a global assurance standard for reporting on controls at service organizations to protect shareholders and the general public from accounting errors and material misstatements. SSAE 16 standards were developed specifically for certified public accountants (CPAs) to evaluate an entity’s internal controls and the impact a service organization may have on the entity’s control environment.