But are you making that happen? And why is a robust auditing and compliance practice one of the most sought-after but least-attained goals?
Our approach is to make compliance assurance and audit reporting easy. All of our Cloud Solutions include 100% adherence to the latest standards and practices.
VMsources first attained compliance with AICPA SOC 1 and SOC 2 in 2014. Since that time, we have continually added compliance and auditing standards through our partnership with CoreSite. As of 2021, we are pleased to announce full compliance with the highest standards in Data Center Compliance, Certification and Security.
- If you utilize any of our DRaaS / Business Continuity Solutions, you have the assurance that your data is protected by the highest industry standard compliance requirements.
- When you migrate active workloads to our Secure Cloud, they automatically become part of our Auditing and Compliance, and DRaaS / Business Continuity Solutions are protected as well!
Each year, an external auditing firm completes System and Organization Controls (SOC) 1 Type 2 and SOC 2 Type 2 reviews of our data center facilities. The reports provide our customers with the assurance of corporate controls, including security and environmental compliance, and validation of CoreSite's commitment to the most stringent standards of excellence in our data center operations.
SOC 1 Type 2 and SOC 2 Type 2
SOC 1 and SOC 2 are attestation standards issued by the American Institute of Certified Public Accountants (AICPA). The SOC 1 report is intended to meet the needs of user entities’ management and auditors as they evaluate the effect of a service organization’s controls on the user entity’s financial statement assertions. The SOC 2 report is intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality, and privacy. CoreSite’s SOC 2 reports include the security and availability Trust Services categories.
ISO 27001
CoreSite has achieved the International Organization for Standardization certification (ISO 27001) covering both corporate policies and procedures, as well as those of all our operating data centers. The ISO/IEC 27001:2013 certification is one of the most stringent certifications for information security controls, and confirms the information security controls and other forms of risk treatment are in place to detect and defend against potential data system vulnerabilities. This prestigious, internationally-recognized certification reflects our commitment to provide CoreSite customers around the globe with secure, reliable, and high-performance data center colocation hosting solutions.
NIST 800-53
Each year, an independent Third Party Assessment Organization (3PAO) firm completes an external assessment to validate CoreSite’s strict adherence to the National Institute of Standards and Technology Publication Series 800-53 (NIST 800-53) high-impact baseline controls and additional Federal Risk and Authorization Management Program (FedRAMP) requirements. The scope of CoreSite’s assessment includes a subset of control families applicable to colocation services at our data center facilities. The utilization of the high-impact baseline controls for NIST 800-53 reflects CoreSite’s commitment to successfully delivering the most rigorous compliance standards to support our customers’ Federal Information Security Management Act (FISMA) and FedRAMP compliance efforts.
NIST 800-53 is a publication that recommends security controls for federal information systems and organizations. NIST 800-53 is published by the National Institute of Standards and Technology which creates and promotes the standards used by federal agencies to implement FISMA and manage other programs designed to protect information and promote information security.
PCI DSS
Each year, a Quality Service Assessor (QSA) completes an external assessment to validate CoreSite’s compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) as a “Level 1” service provider for our colocation services. The scope of CoreSite’s assessment includes physical security and related policies at our data center facilities.
The PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. As a provider of data center colocation services, CoreSite has proactively met the relevant requirements for its business in support of the PCI compliance needs of its customers.
HIPAA
HIPAA requires that covered entities take strong measures to protect the privacy and security of electronic protected health information (ePHI). By attaining HIPAA validation through an external attestation, CoreSite provides assurance to healthcare providers and other related enterprises that its national platform of multi-tenant data centers conforms to a high standard of data security and provides a secure environment for customers’ sensitive and confidential data.
The validation asserts that the information security program governing the colocation services implements applicable control guidance in the HIPAA Security Rule and the Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification requirements.