Data Center Certifications Show Commitment to Security and Compliance
Managing and maintaining an on-premises data center comes with costs and challenges that often divert resources from business-enabling initiatives. In light of that, many organizations are looking to get out of the data center business by moving IT infrastructure offsite. By utilizing the services of a co-location facility, organizations can reduce overhead and improve the reliability of their IT environment.
When selecting a co-location provider, it’s important to consider security and compliance. Does the third-party provider have adequate physical and logical security controls? Are there assurances that the provider isn’t mishandling data or exposing it to unauthorized users, intentionally or unintentionally? Does the provider understand the organization’s business, legal and regulatory compliance requirements?
Certifications offer a reliable benchmark customers can use when evaluating co-location and hosting providers. Customers should look for certifications that require providers to meet minimum technical and procedural standards, and that are assessed and verified by independent, outside auditors.
Statement on Standards for Attestation Engagements No. 16 (SSAE 16)
The Statement on Standards for Attestation Engagements No. 16 (SSAE 16) is a set of auditing standards, and guidance on using the standards, published by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). It guides auditors through the discovery and verification of the security controls implemented by data centers and service providers.
Organizations must provide auditors with a written description of their security controls, including all services the organization provides and the operational processes that affect those services. In addition, organizations must submit a written assertion that the description is accurate and representative of the organization’s objectives.
Auditors verify the controls and processes through one of two types of audits. A Type 1 audit simply verifies the description and assertion. Type 2 goes further, testing the implementation and operational effectiveness of the controls over a specified period.
SOC 2 Type 2
The reports generated by an SSAE 16 audit follow the Service Organization Control (SOC) framework. SOC 1 covers financial reporting, while SOC 2 is based on the five “trust principles” of security, availability, processing integrity, privacy and confidentiality.
SOC 2 does not have rigid specifications but allows each organization to design security controls using the trust principles. Access controls, multifactor authentication, encryption, perimeter security, performance and process monitoring, and quality assurance are among the controls used to meet SOC 2 requirements.
SOC 2 certification is critical to the evaluation of hosting providers because it offers a level of transparency into the provider’s security and compliance capabilities. A provider that meets the requirements of all five SOC 2 categories will have robust security systems capable of detecting suspicious activity and unauthorized user access. The provider will also have an incident response plan and the ability to take appropriate action to mitigate the impact of a security threat.
GDS Hosting Solutions
GDS undergoes the rigorous process of updating our SSAE 16 and SOC 2 certifications each year to validate not only our capabilities but our commitment to protecting our customers’ systems and data. We are also compliant with a variety of government and industry regulations.
Our data center incorporates multiple layers of physical and data security, including card-key access controls and closed-circuit video cameras. Our facility also has multiple sources of conditioned power, a backup generator and redundant cooling and humidity controls. These features help create a highly available environment for our customers’ mission-critical systems.
These certifications show that our data center services are aligned with the strictest standards and industry best practices. Our customers can rest assured that we are prepared to help them meet their business, legal and regulatory compliance requirements.
Benefits of Managed IT Services from Global Data Systems
- Strategic Managed IT: We help you solve your technology-related business problems.
- Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
- Support: When you need help, simply call our 24x7x365 support number.
- Billing: Instead of managing hundreds of vendors, get one easy-to-read bill from GDS.