Data Center Certification and Operations Compliance

External auditing validates that CoreSite data centers maintain stringent compliance standards for data center operations, security and reliability.

Data Center Locations Get a Quote

How CoreSite Helps

CoreSite data center controls help our customers to meet a wide variety of United States regulatory requirements, such as HIPAA and FISMA. Working with our current certifications and specific customer needs, CoreSite enables our customers to achieve a high level of certification within our data centers in all of these areas.

ISO 27001

CoreSite has achieved the International Organization for Standardization certification (ISO 27001) covering both corporate policies and procedures, as well as those of all our operating data centers. The ISO/IEC 27001:2013 certification is one of the most stringent certifications for information security controls, and confirms the information security controls and other forms of risk treatment are in place to detect and defend against potential data system vulnerabilities.

This prestigious, internationally-recognized certification reflects our commitment to provide CoreSite customers around the globe with secure, reliable, and high-performance data center colocation hosting solutions.

The certification was provided by Schellman & Company, Inc., an independent, licensed CPA firm, QSA, and accredited ISO 27001 certification body by ANSI-ASQ National Accreditation Board (ANAB) and the United Kingdom Accreditation Services (UKAS).

SOC 1 Type 2 and SOC 2 Type 2

Each year, an external auditing firm completes SOC 1 Type 2 and SOC 2 Type 2 reviews of all data centers operated by CoreSite. The report provides our customers with assurance of corporate controls, including security and environmental compliance, and validation of CoreSite's commitment to the most stringent standards of excellence in our data center operations.

SOC1 and SOC2 are attestation standards issued by the American Institute of Certified Public Accountants (AICPA) that addresses examination engagements for service providers. CoreSite leadership developed internal control objectives to support first-class data center management services that were used to complete the SOC 1 examination. The SOC 2 examination uses a standardized, third-party criteria to validate CoreSite’s compliance outlined in the Trust Services Principles.


An external assessment is completed each year by a Quality Service Assessor (QSA) to validate CoreSite’s compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) version 3.0 as a “Level 1” service provider for our colocation services. The scope of CoreSite’s assessment includes physical security and related policies at our data center facilities.

The PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. It was created by the founding brands of the PCI Security Standards Council, which includes American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc.