Data Center Compliance

Data Foundry has made the investment in critical infrastructure, tools, services and personnel required to achieve data center compliance with SSAE 18, HIPAA and others. Our compliance reflects our commitment to support the highest standards for business process control, data security, and privacy.
Customers can formally request Data Foundry attestation and compliance reports at https://www.switch.com/audit-reports/data-foundry/. For any questions or concerns, please reach out directly to [email protected].

SSAE 18 SOC 1 Type 2 Data Center Compliance

Data Foundry’s Texas 1, Texas 2, Austin 1 and Houston 2 are SSAE 18 Type II compliant data centers. We have successfully completed the rigorous independent audit required by the newer SSAE 18 standard. This means you can have complete confidence that your critical data and infrastructure are in a facility that employs stringent internal business processes and IT controls for the services provided.

SSAE 18 SOC 2 Type 2 Data Center Compliance

Our Texas 1, Texas 2, Austin 1 and Houston 2 data centers are also SOC 2 Type 2 compliant. SOC 2 Type 2 is issued under AT 101 guidelines and covers security, availability, and processing integrity of an organization’s systems as well as its vendor management and regulatory oversight.

What is SSAE 18?

The Statements on Standards for Attestation Engagements (SSAE) is an attestation standard established by the AICPA to report on the controls and services provided to customers. As opposed to the SAS 70 audit standard, compliance with the SSAE 18 attestation standard requires the data center’s management to provide a written assertion about the fair presentation of the design, controls, and operational effectiveness of their systems. This statement, along with an independent auditor’s evaluation of controls like Data Foundry’s organization, security and change management systems, is considered when determining SSAE 18 compliance (previously SSAE 16).

HIPAA Compliance

As an operator of SSAE 18 compliant data centers, Data Foundry understands the rigors required to achieve and maintain strict data center compliance standards for the protection of data. Data Foundry is HIPAA compliant under its SSAE 18 controls for the storage and processing of data using its managed services and data center infrastructure. We also employ HIPAA-certified facility managers. Data Foundry has a long and successful history of serving HIPAA-compliant customers in the healthcare industry. We are a data center partner that understands healthcare companies’ requirements. Data Foundry has over twenty years of experience protecting the security and privacy of our customers’ data.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to ensure health insurance portability when workers change or lose their jobs and to protect the security and privacy of sensitive health information. HIPAA contains two rules, the Privacy Rule and the Security Rule. These rules establish national standards for how companies are required to protect the confidentiality, availability, and integrity of sensitive health information. The HIPAA Privacy Rule was updated in 2009 by the Health Information Technology for Economic and Clinical Health Act (HITECH). HITECH sets clear guidelines for proper interaction with health information, expands the liabilities of companies that are subject to oversight, increases fines for non-compliance, and enables more stringent enforcement.

PCI-DSS Compliance

Our Texas 1 data center has received a third-party certification for meeting PCI-DSS compliance standards. PCI-DSS certification ensures our data center meets high standards for physical security and that our staff rigorously follows security procedures. Our security policies and procedures are strictly documented, as required by PCI. Our PCI audit was performed by an external legal firm, and our certification assures customers that handle cardholder data that it is stored or processed in a physically secure environment.

ISO 27001 Compliance

The International Organization for Standardization sets the standards included in ISO 27001. An ISO 27001 certification means Data Foundry meets internationally recognized standards that pertain to Information Security Management Systems (ISMS) and related procedures, such as information security incident management. As a colocation company, we do not manage data that resides on or passes through our customers’ equipment; however, we do secure access to the facilities that house the equipment. We also store company data and PII, such as biometrics, for access control. ISO 27001 standards ensure the secure management of this data.

What is ISO 27001?

The International Organization for Standardization 27001 Standard (ISO 27001) is a globally recognized information security standard that helps ensure data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits). Additional details can be found at https://www.iso.org/isoiec-27001-information-security.html.