Colocation Provider CoreSite Completes Annual Compliance Examinations

Coresite

Data center colocation and interconnection solutions provider, CoreSite, has successfully completed its annual compliance examinations. These examinations relate to CoreSite’s colocation services offered across 21 operating multi-tenant data centers in its portfolio.

All of the examinations and assessments were conducted by: Schellman & Company, LLC, an independent CPA firm, a globally licensed PCI Qualified Security Assessor, an ISO Certification Body, HITRUST CSF Assessor, and a FedRAMP Third Party Assessment Organization (3PAO).

CoreSite successfully completed the following annual examinations:

  • System and Organization Controls (SOC) 1 Type 2 examination.
  • SOC 2 Type 2 examination.
  • International Organization for Standardization certification for Information Security Management Systems (ISO 27001).
  • National Institute of Standards and Technology Publication Series 800-53 (NIST 800-53) attestation based on the high-impact baseline controls and additional Federal Risk and Authorization Management Program (FedRAMP) requirements for a subset of control families applicable to colocation services.
  • Payment Card Industry Data Security Standard (PCI DSS) validation.
  • Health Insurance Portability and Accountability Act (HIPAA) attestation for the HIPAA Security Rule and the Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification requirements.

SOC 1 Type 2 and SOC 2 Type 2

The SOC 1 and SOC 2 examinations are attestation standards issued by the American Institute of Certified Public Accountants (AICPA), and both reports have been issued under the AICPA’s Statement on Standards for Attestation Engagements (SSAE) No. 18, and equivalent international standards.

SOC 2 is measured using a standardized set of criteria set forth in TSP section 100, Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria. SOC 1 is measured against company-defined control objectives and underlying controls.

The examinations provide CoreSite customers with the assurance of corporate controls, including controls relating to physical and environmental security, customer support, and operational excellence. SOC 2 included the security and availability categories as defined by the AICPA Trust Services Criteria.

Companies with compliance requirements may require SOC 1 or SOC 2 examination reports, including publicly traded enterprises, financial firms, and healthcare organizations. The scope of these compliance audits is limited to the physical and environmental security controls supporting the colocation services offering. CoreSite’s Any2Exchange and Open Cloud Exchange service offerings are included within the scope of the SOC 2 examination.

ISO 27001

ISO 27001 is an internationally recognized standard that outlines the requirements for constructing a risk-based framework to initiate, implement, maintain, and manage information security within an organization.

The ISO 27001 certification, one of the most stringent certifications for information security controls, confirms that specified information security controls and other forms of risk treatment are in place to detect and defend against potential information security threats and vulnerabilities. The certification also ensures that the information security controls continue to meet physical security needs on an ongoing basis.

The scope of the ISO 27001 certification is applicable to the information security management system (ISMS) supporting CoreSite’s provision and operation of 24×7 colocation services for its customers. It covers both its corporate policies and procedures as well as those of its operating data centers.

NIST 800-53

NIST 800-53 is a publication that recommends security controls for federal information systems and organizations. NIST 800-53 is published by the National Institute of Standards and Technology which creates and promotes the standards used by federal agencies to implement FISMA and manage other programs designed to protect information and promote information security.

CoreSite’s compliance is performed for the NIST 800-53 high-impact baseline controls, including additional FedRAMP requirements, for a subset of control families applicable to colocation services.

PCI DSS

The PCI DSS is a broad set of standards that require merchants and service providers that maintain or host systems that store, process, or transmit customer payment card data to adhere to strict security controls and processes.

As a provider of data center colocation services, CoreSite has proactively met the relevant requirements for its business in support of the PCI compliance needs of its customers. The most recent PCI DSS attestation of compliance (AOC) and report on compliance (ROC) have been issued under version 3.2.1.

HIPAA

HIPAA requires that covered entities and business associates take strong measures to protect the privacy and security of protected health information. By attaining an HIPAA attestation, CoreSite provide assurance to healthcare industry stakeholders. Its data center colocation services would meet the HIPAA Security Rule and HITECH Breach Notification requirements necessary to protect a covered entity’s physically hosted information systems in CoreSite’s national platform of multi-tenant data centers.

Read more colocation news on HostingJournalist.com.