Data Center Compliance

Data Foundry has invested in the infrastructure, tools, services and personnel required to achieve data center compliance with SSAE 18 (SOC 1 and SOC 2), HIPAA, PCI DSS and ISO/IEC 27001. Our compliance reflects our commitment to support the highest standards for business process control, data security, and privacy.


SSAE 18 SOC 1 Type 2 Data Center Compliance

Data Foundry’s Texas 1, Texas 2, Austin 1 and Houston 2 data centers have completed SOC 1 Type 2 examinations under SSAE 18. A Type 2 report covers both the design and the operating effectiveness of our controls over a review period, not merely their design at a single point in time. This means you can have confidence that your critical data and infrastructure are in a facility that employs stringent internal business processes and IT controls for the services provided. Note that a SOC 1 report is scoped to controls relevant to customers’ financial reporting; customers should obtain the report itself and review any complementary user entity controls it lists, since those are the responsibilities that remain on the customer’s side.

SSAE 18 SOC 2 Type 2 Data Center Compliance

Our Texas 1, Texas 2, Austin 1 and Houston 2 data centers also have SOC 2 Type 2 reports. SOC 2 reports were originally issued under AT section 101 and are now issued under AT-C section 205 of SSAE 18; they evaluate an organization’s controls against the AICPA Trust Services Criteria. Our report addresses the security, availability and processing integrity criteria, including the vendor management and regulatory oversight controls that support them.

What is SSAE 18?

Statements on Standards for Attestation Engagements No. 18 (SSAE 18) is the AICPA attestation standard under which a service organization’s controls are examined and reported on to its customers. It superseded SSAE 16 in 2017, which had itself replaced the SAS 70 audit standard. Unlike SAS 70, the SSAE standards require the service organization’s management to provide a written assertion that the description of its system is fairly presented and that its controls are suitably designed and operating effectively. That assertion, together with the independent auditor’s testing of controls such as Data Foundry’s organizational, security and change management controls, forms the basis of the SOC report.

HIPAA Compliance

As an operator of SSAE 18 audited data centers, Data Foundry understands the rigor required to achieve and maintain strict data center compliance standards for the protection of data. Data Foundry supports HIPAA compliance through its SSAE 18 audited controls for the storage and processing of data using its managed services and data center infrastructure. There is no government-issued HIPAA certification for organizations or individuals; our facility managers hold third-party HIPAA training certifications. Because Data Foundry does not manage the data on customer equipment, covered entities and business associates remain responsible for the administrative and technical safeguards within their own systems, while our controls address the physical safeguards of the facility and the managed services we provide. Data Foundry has a long and successful history of serving HIPAA-regulated customers in the healthcare industry, understands their requirements, and has over twenty years of experience protecting the security and privacy of our customers’ data.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to ensure health insurance portability when workers change or lose their jobs and to protect the security and privacy of sensitive health information. Its best-known components are the Privacy Rule, which governs the use and disclosure of protected health information (PHI), and the Security Rule, which requires administrative, physical and technical safeguards for the confidentiality, integrity and availability of electronic PHI. The Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 strengthened HIPAA by adding breach notification requirements, extending direct liability to business associates, increasing penalties for non-compliance and enabling more stringent enforcement.

PCI DSS Compliance

Our Texas 1 data center has been assessed by a third party as compliant with PCI DSS. The assessment covers the physical security of the facility and confirms that our staff follow documented security procedures, as PCI DSS requires. Our PCI audit was performed by an external firm. The attestation gives customers that handle cardholder data assurance that the facility in which it is stored or processed is physically secure; controls within the customer’s own cardholder data environment, such as network segmentation, encryption and access control on their systems, remain the customer’s responsibility and fall within the customer’s own PCI DSS scope.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is mandated by the major card brands and administered by the PCI Security Standards Council. It consists of 12 requirements that any organization storing, processing or transmitting cardholder data must meet, including network security controls such as firewall configuration, protection of stored account data, encryption of cardholder data in transit, restriction of physical access, and regular testing of security systems. As a data center provider, we must meet the physical security requirements, run security tests, and document and maintain security processes.

ISO 27001

Our data centers and staff comply with ISO/IEC 27001, and we hold an ISO/IEC 27001:2013 certification. While SSAE and PCI compliance have overlapping requirements, ISO certifications are more widely recognized by auditors outside the United States. This certification is proof of our security team’s commitment to strict information security procedures. Unlike others in our industry, we do not outsource our security staff, and we are proud of their dedication to our customers and procedures. ISO 27001 compliance is an ongoing process: maintaining the certification requires regular surveillance audits and continuous improvement of the management system.

What is ISO 27001?

ISO/IEC 27001 is published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It specifies the requirements for an Information Security Management System (ISMS): the risk assessment, controls and procedures, such as information security incident management, that an organization uses to protect the information within the ISMS scope. As a colocation company, we do not manage the data that resides on or passes through our customers’ equipment; we do, however, secure access to the facilities that house that equipment. We also store company data and PII, such as the biometric data used for access control, and our ISMS covers the secure management of this data.

US-EU Safe Harbor Compliance

Data Foundry has been a member of the US-EU Safe Harbor since 2008. The US-EU Safe Harbor was established as a transfer mechanism under the EU Data Protection Directive (95/46/EC), in force since 1998. As a member of the Safe Harbor, Data Foundry expressed its ongoing commitment to privacy and the desire to ensure smooth interaction for and with customers in the United States and Europe. Note that the Court of Justice of the European Union invalidated the Safe Harbor framework in October 2015, so Safe Harbor membership on its own no longer provides a lawful basis for transfers of EU personal data; customers should confirm which transfer mechanism currently applies to their data.

What is the US-EU Safe Harbor?

The US-EU Safe Harbor framework was approved by the European Commission in 2000 as a way for US companies to demonstrate that their privacy practices met the adequacy standard of the EU Data Protection Directive. The European Union’s approach to privacy protection differs from that of the United States, and these differences can complicate US business dealings with the EU. Under Safe Harbor, US companies self-certified to the US Department of Commerce that they adhered to the Safe Harbor Privacy Principles, and the Commission’s adequacy decision treated certified companies as providing acceptable privacy protection as defined by the European Commission.
